Corey Edwards wrote:

On Thu, 2005-12-29 at 19:58 -0700, Stephen Smith wrote:
iptables -A INPUT -s 192.168.1.x -d 10.0.0.1 -j DROP
iptables -A INPUT -s 192.168.1.x -p ALL -d 10.0.0.1 -j DROP
iptables -A INPUT -s 192.168.1.x -p tcp --dport 80 -j DROP
iptables -A INPUT -s 192.168.1.x -p tcp -m multiport --dports 80,8080,8008,443 -j DROP

The filter table has 3 built-in chains, INPUT, OUTPUT and FORWARD. A
packet will transit only one of these chains. INPUT is for packets which
match an IP address of the box. OUTPUT is for packets generated locally
and destined externally. FORWARD is for packets which are generated
externally and are destined externally as well.

So, you've asked iptables to filter traffic in INPUT when the packets
will only be in FORWARD. You simply need a rule like this:

       # iptables -A FORWARD -s 192.168.1.x -j REJECT

I prefer a REJECT in this case so that you get an immediate error on the
win98 box rather than waiting for a timeout.

Since this rule is in the FORWARD chain, it will have no effect on local
traffic destined for this box. Those packets will be hitting the INPUT
chain instead. It also won't affect any traffic which goes directly
between the Win98 box and any other machine on the network since that
will occur strictly between those two boxes and never involve the
firewall.

Corey
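
To make the chain-selection point above concrete, here is a small model of the filter table that is not from the thread or from iptables itself: it classifies a packet into INPUT, OUTPUT or FORWARD by the same rule Corey describes (destination address on the box, source address on the box, or neither) and then walks the rule list of that one chain. The topology is constructed for the example: the firewall holds 192.168.1.1 and 203.0.113.1, the Win98 box is 192.168.1.50 (standing in for "192.168.1.x"), and 10.0.0.1 is a host on the far side. It shows the question's INPUT rule never seeing the routed packet, the FORWARD rule rejecting it, and the FORWARD rule leaving traffic addressed to the firewall itself alone.

```python
"""Toy model of the netfilter filter table: which built-in chain a packet
traverses and what verdict that chain's rules give it.  Added illustration,
not the thread's or iptables' own code; all addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One rule as iptables stores it: match fields plus a target."""
    target: str                       # ACCEPT, DROP or REJECT
    src: Optional[str] = None         # -s, host or CIDR
    dst: Optional[str] = None         # -d, host or CIDR
    proto: Optional[str] = None       # -p (None means ALL)
    dports: Tuple[int, ...] = ()      # --dport / -m multiport --dports

    def matches(self, pkt: Packet) -> bool:
        if self.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if self.dst and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.proto and self.proto != pkt.proto:
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        return True


class FilterTable:
    """The three built-in chains; every packet goes through exactly one."""

    def __init__(self, local_addrs, policy: str = "ACCEPT"):
        self.local = set(local_addrs)   # addresses configured on the box
        self.policy = policy
        self.chains = {"INPUT": [], "OUTPUT": [], "FORWARD": []}

    def append(self, chain: str, rule: Rule) -> None:   # iptables -A <chain> ...
        self.chains[chain].append(rule)

    def chain_for(self, pkt: Packet) -> str:
        if pkt.dst in self.local:
            return "INPUT"      # addressed to the box itself
        if pkt.src in self.local:
            return "OUTPUT"     # generated locally
        return "FORWARD"        # routed through the box

    def verdict(self, pkt: Packet) -> Tuple[str, str]:
        chain = self.chain_for(pkt)
        for rule in self.chains[chain]:    # first matching rule wins
            if rule.matches(pkt):
                return chain, rule.target
        return chain, self.policy          # chain policy when nothing matched


# Constructed topology (hypothetical addresses, 203.0.113.0/24 is RFC 5737).
FIREWALL_ADDRS = ("192.168.1.1", "203.0.113.1")
WIN98 = "192.168.1.50"
REMOTE = "10.0.0.1"


def question_ruleset() -> FilterTable:
    """The approach from the question: a DROP placed in INPUT."""
    t = FilterTable(FIREWALL_ADDRS)
    t.append("INPUT", Rule("DROP", src=WIN98, dst=REMOTE))
    return t


def answer_ruleset() -> FilterTable:
    """The approach from the answer: a REJECT placed in FORWARD."""
    t = FilterTable(FIREWALL_ADDRS)
    t.append("FORWARD", Rule("REJECT", src=WIN98))
    return t


def compare() -> dict:
    routed = Packet(WIN98, REMOTE, "tcp", 80)              # Win98 -> remote host
    to_firewall = Packet(WIN98, "192.168.1.1", "tcp", 22)  # Win98 -> the firewall
    return {
        "input_rule_on_routed": question_ruleset().verdict(routed),
        "forward_rule_on_routed": answer_ruleset().verdict(routed),
        "forward_rule_on_local": answer_ruleset().verdict(to_firewall),
    }


if __name__ == "__main__":
    for name, (chain, target) in compare().items():
        print(f"{name}: traverses {chain}, verdict {target}")
```

The model deliberately ignores NAT, connection tracking and interfaces; it exists only to show that a rule is consulted solely when the packet is in that rule's chain, which is why the INPUT rule from the question can never block forwarded traffic.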

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/

You all are great, every suggestion worked.  Thanks.
