[EMAIL PROTECTED] wrote:
>Couldn't your problem be solved by manipulating ipchains in your ip-up
>and ip-down scripts?
>
>ip-up:
> forward outbound packets from restricted addresses
>
>ip-down:
> ignore outbound packets from restricted addresses
>
>Outbound packets from restricted addresses would only be forwarded if
>the link was brought up from an unrestricted machine?
This already happens with the diald settings to ignore those ip
addresses: banned ip's cannot bring the link up, because diald ignores
those packets (they are not yet masqueraded, because masquerading is
activated when the link goes up in ip-up).
Whatever I do, if the banned ip addresses can surf the net (which I
want), then diald will see those packets and keep the link up (which I
do not want). If diald would identify those packets as coming from the
banned ip's (demasquerade them), instead of from the
public.dynamic.assigned.ip, then it could ignore them.
Thanks.
--
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
