On Mon, 2008-11-03 at 13:43 -0600, Nicholas Leippe wrote:
> On Monday 03 November 2008 11:35:13 am Mike Lovell wrote:
> > iptables -A FORWARD -s 192.168.1.2 -d 212.211.132.32 -j ACCEPT
> > <repeated a few times of ip addresses to white list>
> > iptables -A FORWARD -s 192.168.1.2 -d 0.0.0.0/0 -j DROP
>
> Try:
>
> iptables -A FORWARD -s 192.168.1.2 -j DROP
>
> (w/o the -d 0.0.0.0/0)

I believe Nick is right. I would just add that on the LAN side of things, I would REJECT rather than DROP. That'll save your host the hassle of waiting for a timeout.

Corey

/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
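
Added example, not part of the original thread: a shell helper that prints the whitelist rules discussed above for one LAN host and ends with REJECT instead of DROP, so blocked connections fail immediately rather than time out. The function name `emit_rules` and the second whitelist address (198.51.100.10) are constructed for illustration; the script only prints commands and does not touch the firewall.

```shell
#!/bin/sh
# Added example: print (do not apply) FORWARD rules that whitelist a few
# destinations for one LAN host and reject everything else from that host.
# emit_rules is a hypothetical helper name, not an iptables feature.

# usage: emit_rules <lan-host> <allowed-dst> [<allowed-dst>...]
emit_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: emit_rules <lan-host> <allowed-dst>..." >&2
        return 1
    fi
    # Accept only digits, dots and '/' so nothing else can end up in a rule.
    for a in "$@"; do
        case $a in
            ''|*[!0-9./]*) echo "bad address: $a" >&2; return 1 ;;
        esac
    done
    src=$1
    shift
    # Whitelist entries go first: the chain stops at the first matching rule.
    for dst in "$@"; do
        echo "iptables -A FORWARD -s $src -d $dst -j ACCEPT"
    done
    # TCP: reply with a RST so the client sees "connection refused" at once.
    echo "iptables -A FORWARD -s $src -p tcp -j REJECT --reject-with tcp-reset"
    # Everything else: ICMP error (REJECT's default type) instead of silence.
    echo "iptables -A FORWARD -s $src -j REJECT --reject-with icmp-port-unreachable"
}

# Constructed sample run: the host and first destination are from the thread,
# the second destination is a documentation-range placeholder.
emit_rules 192.168.1.2 212.211.132.32 198.51.100.10
```

Review the printed rules, then run them as root to apply them.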