iptables rule to block when DNAT is used

2003-04-07 Thread Hanasaki JiJi
Firewall has rules to DNAT incoming traffic to a port on a DMZ box.

How can an iptables rule be written to block some IP addresses before they get to the rules
iptables -t mangle -A FORWARD
AND
iptables -t nat -A PREROUTING
???

Re: iptables rule to block when DNAT is used

2003-04-08 Thread Victor Calzado Mayo
Hi

On Tuesday 08 April 2003 03:04, Hanasaki JiJi wrote:
> Firewall has rules to DNAT incoming traffic to a port on a DMZ box.
>
> How can an iptables rule be written to block some IP addresses before
> they get to the rules
> iptables -t mangle -A

Re: iptables rule to block when DNAT is used

2003-04-08 Thread Kevin Buhr
Hanasaki JiJi <[EMAIL PROTECTED]> writes:
>
> Firewall has rules to DNAT incoming traffic to a port on a DMZ box.
>
> How can an iptables rule be written to block some IP addresses before
> they get to the rules
> iptables -t mangle -A FORWARD
> AND
> iptables -t nat -A PR

Re: iptables rule to block when DNAT is used

2003-04-08 Thread Phillip Hofmeister
On Tue, 08 Apr 2003 at 03:17:18PM -0700, Kevin Buhr wrote:
>
> Also note that the mangle PREROUTING chain is run on all incoming
> packets before any other chain, so:
>
> iptables -t mangle -I PREROUTING -s badbox.evil -j DROP
>
> should drop all packets from "badbox.evil" before any oth