On Wednesday 10 July 2002 4:49 pm, Jan Humme wrote:

> On Wednesday 10 July 2002 16:43, Antony Stone wrote:
> > The mangle table might be your answer. etc...........
>
> I don't get it: the source original addresses are only SNATted *after* the
> FORWARD chain has already been filtered, there is no need to (ab)use the
> mangle chain for this purpose? Or am I misunderstanding something?
>
> So he can directly create one rule in FORWARD chain to drop the packets;
> but his problem seems to be that he doesn't know which IP-addresses he
> wants to block.

Ah. Okay then; in that case I misunderstood the problem and I gave an unhelpful solution. Sorry.

If the original poster doesn't know what addresses s/he wishes to block, then I can't think of a netfilter rule which will help :-)

Antony.
