I think that with iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -m state --state NEW -o $EXT_INT -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
that will eliminate that problem. ----- Original Message ----- From: "Aviram Jenik" <[EMAIL PROTECTED]> To: "'Meir Michanie'" <[EMAIL PROTECTED]>; "'iglu'" <[EMAIL PROTECTED]> Sent: Friday, November 08, 2002 5:57 PM Subject: RE: killing existing connections. > Hi, > > > > > I am trying to develop a pay per routing limited by time. (lets say > > 15mins) > > > [...] > > step 2:after you pay I should allow youe mac address for free > > forwarding. > > > [...] > > > > iptables -t nat -I PREROUTING -m mac --mac-source > > 00:20:18:2D:6B:20 -j > > ACCEPT > > > > Sounds cool. Now let me see if I understand: just after I pay for your > service all the kiddies can do something like: > > $ ifconfig eth0 hw ether 00:20:18:2D:6B:20 > > And connect on my expense. Right? > > I would definitely think twice before joining your service. > > - Aviram > > > ================================================================= > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
