There is a place for webmin - especially when you need to hand over a
system to users as a contractor.
For iptables everything got easier when I started using iptables -S which
displays the existing rules in the same manner that you specify them
instead of the constant mental context switching
On Mon, Feb 15, 2016 at 4:37 PM, Ken D'Ambrosio wrote:
> Every time I think I'm getting to the point where I might understand IP
> Tables, I do something that proves that, no, I really don't. Today's
> confusion: I want to set up a virtual NIC to do port forwarding. But
> first, I wanted to get the port forward part of the equation straight.
> So I wound up executing these commands:
>
> iptables -t nat -A PREROUTING -p tcp --dport 8774 -j DNAT --to
> 172.23.242.39:8774
> iptables -A FORWARD -d 172.23.242.39 -p tcp --dport 8774 -j ACCEPT
traight.
So I wound up executing these commands:
iptables -t nat -A PREROUTING -p tcp --dport 8774 -j DNAT --to
172.23.242.39:8774
iptables -A FORWARD -d 172.23.242.39 -p tcp --dport 8774 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
Worked great. I then did an "ifconfig eth0:1
On Friday 03 January 2014, Curt Howland was heard to say:
> So, I rebooted into kernel 3.2.x and logging works just fine.
>
> However, in trying to recompile 3.12, I don't find that logging
> module. I searched in "menuconfig", but it wasn't there.
INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[INPUT6]: "
COMMIT
# Completed on Fri Jan 3 20:55:13 2014
# Generated by iptables-save v1.4.14 on Fri Jan 3 20:55:40 2014
*filter
:INPUT DROP [82:2
On Wed, May 19, 2010 at 9:26 AM, Kevin D. Clark
wrote:
> Have you given any consideration to the fact that in HTTP 1.1 there
> are persistent connections and that the level of control offered to
> you by iptables might be too low-level for you to effectively manage
> the traffic that
r example mod_cband, mod_bw, mod_qos or limitipconn but
> only mod_cband appears to be applicable to my environment and reasonably
> maintained.
>
> I was more interested in an iptables rule that I could dynamically create
> (perhaps tying into portsentry) or else a squid solution because it
Greg Rundlett (freephile) writes:
> I'm running Apache on a RedHat ES 4 with a 2.6.9 kernel.
>
> Occasionally we'll get a bunch of web requests from a single source (example
> user agent of HTTrack or Opera or IE5 will all give a user the ability to
> make a huge number of web requests). This tie
available workers are sending responses (and might be waiting on the
client-side connection speed as well). "Ties up" as in DoS -- nobody else
can get to the website.
I'm wondering what iptables rule might be able to throttle / limit the
number of connections to a particular IP base
On 08/11/2009 04:50 PM, Flaherty, Patrick wrote:
> I don't
> totally understand why it works, but after removing the -o eth1 from the
> FORWARD chain it works right.
So, I think what's going on is that IPTables moves a packet from one
'bucket' to another, depending o
e?:
> net.ipv4.ip_forward = 1
Yes, this was already set in sysctl
>
> > #accept all traffic on eth0, send it thru eth1, seems like *some*
> > packets should show up on eth1 eh?
> > iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
>
> Does the packet exist in both -i eth0
traffic on eth0, send it thru eth1, seems like *some*
> packets should show up on eth1 eh?
> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
Does the packet exist in both -i eth0 and -o eth1 states if it's being
forwarded or just one at a time? That is, perhaps -i eth0 would be
enough
I'm trying to be able to simulate slow/throttled/crappy internet for a
client server app. My plan was to have the client connect to eth0, use
an iptables preroute dnat to the destination, and have a static route
for the destination go thru eth1, where I could use tc on eth1 to
simulated diff
In message <155dc4110906211101h3c686132t1faca1445cca...@mail.gmail.com>, Ben
Scott writes:
> > ... iptables ... rules ... the number rarely exceeds 5 digits
>
> That's still a heaping huge pile of rules. :)
> Or have your MTA drop TCP connects on open, based on RBL
it at will.
(3) Examine your choice of hash algorithm. I forget exactly what this
does or means, but apparently one is faster than the other for some
things. Google for a FAQ. I'm pretty sure changing this means
remaking the filesystem, though.
(4) Reverse the polarity of the neutron flow.
lot of
>> context
>> > switching. Now, I've just cleared out iptables back to the default
>> handful
>> > of rules, and I see the %si back down to the usual <3%. So, I'm
>> guessing
>> > that each packet comes in causes a system interrru
On Thu, Jan 29, 2009 at 05:57:24PM -0500, Alan Johnson wrote:
> Very sweet! I'll have to look into that. I've had good experience with
> shorewall in the past, and there is a nice webmin module for it, but I've
> been holding off in this case it since iptables is e
On Fri, Jan 30, 2009 at 6:23 PM, Kevin D. Clark
wrote:
> > I also saw high load average at times of high %si, so I had chalked it
> up
> > to a work-station grade processor not being able to handle a lot of
> context
> > switching. Now, I've just cleared out
e processor not being able to handle a lot of context
> switching. Now, I've just cleared out iptables back to the default handful
> of rules, and I see the %si back down to the usual <3%. So, I'm guessing
> that each packet comes in causes a system interrupt and the mor
'll have to look into that. I've had good experience with
> shorewall in the past, and there is a nice webmin module for it, but I've
> been holding off in this case it since iptables is easy enough to use for my
> simple IPA blocks, and I expect better performance with iptables
n module for it, but I've
been holding off in this case it since iptables is easy enough to use for my
simple IPA blocks, and I expect better performance with iptables since it is
built into the kernel, but I don't really know.
I love the idea of a failed-login monitor that hooks into sho
to a work-station grade processor not being able to handle a lot of context
switching. Now, I've just cleared out iptables back to the default handful
of rules, and I see the %si back down to the usual <3%. So, I'm guessing
that each packet comes in causes a system interrupt and the more
ound those files are
> kind of deprecated and switch to iptables.
>
denyhosts is a python script that goes though your /var/log/secure file
looking for sshd logging info.
It adds the "bad hosts" to hosts.deny to prevent ssh login attempts.
Entries can be permanent or temporary.
Umm, yum
On Fri, Jan 23, 2009 at 11:25 AM, Tom Buskey wrote:
> Given all this, would it be possible to use something like denyhosts to
> block IPs?
>
You mean /etc/hosts.deny? I started there, but I found those files are kind
of deprecated and switch to
SPAM sources are mis-configured mail servers and
> botnets. While using iptables seems like a good idea, you're going to
> end up blocking more than half of the IP space.
>
> I would recommend using Spamhaus's ZEN blocklist
> (http://www.spamhaus.org/zen/index.lasso). It is much mo
On Thu, Jan 22, 2009 at 5:19 PM, Alan Johnson wrote:
> I'm using a simple `iptables -A INPUT -s $ipa -j DROP` in a script to block
> known spammers that show up in my mail log. I created a separate script to
> purge out some older offenders but I broke it (now fixed) and at about
This is something I haven't seen mention of;
While it might seem logical to block SPAM sources at the network level,
I would feel that you could be blocking legitimate mail/users at the
same time. Many SPAM sources are mis-configured mail servers and
botnets. While using iptables seems l
On Fri, Jan 23, 2009 at 11:06 AM, Kevin D. Clark
wrote:
>
> Alan Johnson writes:
>
> > I'm using a simple `iptables -A INPUT -s $ipa -j DROP` in a script to
> block
> > known spammers that show up in my mail log. I created a separate script
> to
> > purge o
Alan Johnson writes:
> I'm using a simple `iptables -A INPUT -s $ipa -j DROP` in a script to block
> known spammers that show up in my mail log. I created a separate script to
> purge out some older offenders but I broke it (now fixed) and at about 123K
> blocked IPAs, I get
entially innocent systems, but if you're blocking mail by IP
address and TCP connection you've prolly already accepted that.
> ... at about 123K blocked IPAs ...
Just to make sure: You mean 123,000 distinct iptables rule entries?
> Is iptables really limited to that m
On 2009-01-22 5:19 PM, Alan Johnson wrote:
> and at about 123K blocked IPA
I bet with some clever scripting you could find many 'evil' netblocks in
those addrs such that you could get your list, say, in half. Bonus if
you can cross-reference with the IP's of legit mails you've received.
Or use
I'm using a simple `iptables -A INPUT -s $ipa -j DROP` in a script to block
known spammers that show up in my mail log. I created a separate script to
purge out some older offenders but I broke it (now fixed) and at about 123K
blocked IPAs, I get "iptables: Memory allocation problem
My iptables situation is very simple, fortunately. :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Scott
Sent: Monday, September 22, 2008 4:27 PM
To: Greater NH Linux User Group
Subject: Re: iptables
On Mon, Sep 22, 2008 at 3:56 PM, Labitt, Bruce
On Mon, Sep 22, 2008 at 3:56 PM, Labitt, Bruce
<[EMAIL PROTECTED]> wrote:
> If I already have an iptables file, how do I go about editing it?
Well, if I remember correctly, the Red Hat scripts save the
information in a file , which has fairly
self-explanatory syntax. You can reload an
Thanks Ben.
Now I have some more reading to do :) . I will go thru the list below
to make sure there aren't any stupid bugs (tm). I do have a firewall on
the corporate side AND obviously, corporate has their own. I've been
warned...
If I already have an iptables file, how do
for you, if run as root:
# turn on IP tables service
service iptables start
chkconfig iptables on
# clear all existing rules and chains in both "nat" and "filter" tables
iptables -t filter -F
iptables -t filter -X
i
her) and everything else. The
> > trusted network is on eth0, and the other is on eth1.
>
...
>
> That thread didn't get into the low-level details of which iptables
> commands to run, though.
>
>
http://www.webmin.com/ has a fairly easy and nice interface for config
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Scott
Sent: Monday, September 22, 2008 10:57 AM
To: Greater NH Linux User Group
Subject: Re: iptables
On Mon, Sep 22, 2008 at 10:06 AM, Labitt, Bruce
<[EMAIL PROTECTED]> wrote:
> I am trying to
distribution already has a mechanism in place to
configure iptables. Are you still using running Sci Linux 5, or have
you changed to something else by now?
> Ben, do you remember this?
No, but my GMail account does. :) That let me dig up the archived thread:
http://thread.gmane.org/gmane
rfaces (or all as below)
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
This assumes you've got your IPTables rules setup right of course to do any
blocking/redirecting/etc you have in mind and I'm sure there are lots of
how-tos that Google can find there.
-N
__
I am trying to configure my firewall at work. I need to have an
internal trusted network (my number-cruncher) and everything else. The
trusted network is on eth0, and the other is on eth1.
How do I set this up? IIRC I had this setup for my myth-box. However,
I haven't found the answer in the a
On Mar 9, 2007, at 18:14, David A. Long wrote:
I have a small sequential block of public IP addresses I would like to
filter through to matching servers on my private network. The
iptables
NETMAP target looks like it might do this efficiently (combined with a
lot of other rules to filter
On 3/9/07, David A. Long <[EMAIL PROTECTED]> wrote:
The iptables NETMAP target looks like it might do this
efficiently ...
It may. I don't know if NETMAP also invokes the connection tracking
and packet rewriting stuff or not. If not, then protocols which need
to know abou
I have a small sequential block of public IP addresses I would like to
filter through to matching servers on my private network. The iptables
NETMAP target looks like it might do this efficiently (combined with a
lot of other rules to filter out unwanted traffic). But I cannot
understand how the
Ben, thanks for the script! It turns out that some modules were
installed but the lack of ip_conntrack_ftp.ko being installed made all
the difference!
I hadn't realized that iptables could have kernel module dependencies, I
learned something new!
connecting to
the server, correct? If so try this:
insmod ip_conntrack_ftp.ko
insmod ip_nat_ftp.ko
iptables -A OUTPUT -p tcp -d --dport 25 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISH,RELATED -j ACCEPT
note you don't need to install ip_nat_ftp unless you have boxes sitting
behind this one.
On Tue, 2006-07-18 at 15:26 -0400, Chris Brenton wrote:
>
> iptables -A OUTPUT -p tcp -d --dport 25 -j ACCEPT
Dooh! Change that to be:
iptables -A OUTPUT -p tcp -d --dport 21 -j ACCEPT
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhl
, correct? If so try this:
insmod ip_conntrack_ftp.ko
insmod ip_nat_ftp.ko
iptables -A OUTPUT -p tcp -d --dport 25 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISH,RELATED -j ACCEPT
note you don't need to install ip_nat_ftp unless you have boxes sitting
behind this on
On 7/18/06, Steven W. Orr <[EMAIL PROTECTED]> wrote:
Also, don't you need to have ip_conntrack loaded to deal with ftp?
Various modules definitely need to be loaded. What I'm not sure
about is which ones are loaded automatically by the kernel/iptables
and which ones n
On Tuesday, Jul 18th 2006 at 07:09 -0400, quoth Ben Scott:
=>On 7/17/06, Dan Coutu <[EMAIL PROTECTED]> wrote:
=>> I am expecting that following line opens traffic to the remote server on
=>> whatever port passive mode ftp chooses to use:
=>
=> Are these iptables rule
On 7/17/06, Dan Coutu <[EMAIL PROTECTED]> wrote:
I am expecting that following line opens traffic to the remote server on
whatever port passive mode ftp chooses to use:
Are these iptables rules on the FTP client, or the FTP server?
I will assume the FTP server. I'll also assume
I'm trying to troubleshoot what seems like it ought to be a simple
iptables configuration. Here's the goal here:
The server has a cron job that periodically uses ftp to fetch from a
remote server an updated script to be used for doing backups.
ftp is configured to use passive m
Where is the UAS running that the client is communicating to?
The re-INVITE should have the same call-id, branch and to tag, so I'm
thinking the UAS will pick up the IP change which is ultimately what you
want.
Ed
Bill McGonigle wrote:
On Dec 15, 2005, at 18:22, [EMAIL PROTECTED] wrote:
On Dec 15, 2005, at 18:22, [EMAIL PROTECTED] wrote:
When the IP address on the client changes, it sends a reinvite to the
NAT box to tell it what the new IP address is.
I don't know SIP beyond a magazine article, but at a higher level it
sounds like you need something like a mod_conntrack_si
ress, I'm just making these up), but the session to the server needs to
> > be
> maintained.
>
> I don't think that is possible with "off the shelf" IPTables. I'm
> think you could do it with enough custom code, but not easily.
I thought that there wa
possible with "off the shelf" IPTables. I'm
think you could do it with enough custom code, but not easily.
> The NAT box will know when the ip address changes and what the new
address is.
How does it know that?
Can you explain what the situation is?
-- Ben
Hi All,
This is a rather odd question, and I'm not even sure that it is possible, but
I'll give it a try. I need to figure out a way to maintain a session through a
NAT box when the client changes the IP address. So, the situation looks like
this:
Clients -->
what I think You're replying to.
> On 9/10/05, Jeff Kinz <[EMAIL PROTECTED]> wrote:
> > On Sat, Sep 10, 2005 at 12:09:31PM -0400, Star wrote:
> > > I've got a server sitting inside my firewall (netfilter/iptables)
> > > and I need to make it completely acc
n 9/10/05, Jeff Kinz <[EMAIL PROTECTED]> wrote:
> > On Sat, Sep 10, 2005 at 12:09:31PM -0400, Star wrote:
> > > I've got a server sitting inside my firewall (netfilter/iptables)
> > and I need > to make it completely accessible to clients coming from
> > specif
That's the hope, yes, as I do run a couple of other services (smtp, http(s)) via port forwarding.
On 9/10/05, Jeff Kinz <[EMAIL PROTECTED]> wrote:
On Sat, Sep 10, 2005 at 12:09:31PM -0400, Star wrote:
> Hi All,
>
> I've got a server sitting inside my firewall (netfilter/ipta
On Sat, Sep 10, 2005 at 12:09:31PM -0400, Star wrote:
> Hi All,
>
> I've got a server sitting inside my firewall (netfilter/iptables) and I need
> to make it completely accessible to clients coming from specific subnets.
> I've used iptables for NATing and other uses
Hi All,
I've got a server sitting inside my firewall (netfilter/iptables) and I
need to make it completely accessible to clients coming from specific
subnets. I've used iptables for NATing and other uses from the
inside out, but not for coming outside in, and since it's a window
Here is the solution I've created for some folk on Adelphia & Comcast.
I have an email server running Postfix on a T1 connection to
relay through. I use Postfix. Sendmail, qmail, exim, etc. ought to
work similarly. Details are left as an exercise for the reader. ;-)
==
On Fri, 29 Aug 2003, at 6:31pm, [EMAIL PROTECTED] wrote:
>> Howdy, all. Adelphia -- God bless them -- has nixed my in-bound port 25,
>> so I can no longer receive e-mail on this account. Which is highly
>> annoying.
>
> Ya its getting pretty insane. choiceone.net is dropping _all_ ICMP on
> thei
On Fri, 29 Aug 2003, at 12:00pm, [EMAIL PROTECTED] wrote:
>> Adelphia's TOS prohibit hosting services of any kind on their Internet
>> feeds.
>
> I understand entirely.
Okay. I just wanted to make sure you understood what you are getting
into. :-)
> D'oh! Upon re-reading my e-mail, that's
On 29 Aug 2003, at 5:31pm, [EMAIL PROTECTED] wrote:
>>> I would personally use ssh to do that kind of redirection
>>> On machine a ssh -g -L 25:3.4.5.6:otherport 3.4.5.6
>>
>> It seems to me that would add needless overhead. You're already talking
>> about a public data stream (SMTP), so why both
about a public data stream (SMTP), so why bother spending the CPU cycles
>> to encrypt it for the last few steps?
>
> If you don't care about encryption, use netcat.
Better yet, use IPTables (as was originally suggested), which is done
entirely in the kernel, and thus will have
an 50 ms or
so). I used to get each of my public IP addresses spoofed about once
every five days. Now each legal IP is getting spoof 30+ per day. Of
course this also sucks down additional bandwidth. :(
In summary, I can no longer receive SMTP, so I'm looking for:
some magic iptables recipe to
That's true. The encryption is unnecessary
[EMAIL PROTECTED] wrote:
> On Fri, 29 Aug 2003, at 4:16pm, [EMAIL PROTECTED] wrote:
> > I would personally use ssh to do that kind of redirection
> > On machine a ssh -g -L 25:3.4.5.6:otherport 3.4.5.6
>
> It seems to me that would add nee
[EMAIL PROTECTED] writes:
> On Fri, 29 Aug 2003, at 4:16pm, [EMAIL PROTECTED] wrote:
> > I would personally use ssh to do that kind of redirection
> > On machine a ssh -g -L 25:3.4.5.6:otherport 3.4.5.6
>
> It seems to me that would add needless overhead. You're already talking
> about a publ
[EMAIL PROTECTED] wrote:
On Fri, 29 Aug 2003, at 4:16pm, [EMAIL PROTECTED] wrote:
I would personally use ssh to do that kind of redirection
On machine a ssh -g -L 25:3.4.5.6:otherport 3.4.5.6
It seems to me that would add needless overhead. You're already talking
about a public data stream
On Fri, 29 Aug 2003, at 4:16pm, [EMAIL PROTECTED] wrote:
> I would personally use ssh to do that kind of redirection
> On machine a ssh -g -L 25:3.4.5.6:otherport 3.4.5.6
It seems to me that would add needless overhead. You're already talking
about a public data stream (SMTP), so why bother spe
annoying.
> In summary, I can no longer receive SMTP, so I'm looking for:
> some magic iptables recipe to re-direct port 25 from machine a (1.2.3.4)
> to machine b (3.4.5.6). I've done some Googling and RTFMing, and I can
> only see how to re-direct from one port to another on the
on TCP/2525.
> Change as needed.
D'oh! Upon re-reading my e-mail, that's exactly what I _meant_ to ask.
*sigh* Senility sets in early, or somethin'.
> Do the following on the outside machine:
>
> iptables -t nat -A PREROUTING -d 1.2.3.4 -p TCP --dport 25
operator has in each
individual area. However, the above situation is still what we have to work
with. Whether or not you, I, or anyone else likes it does not change the
fact that it currently is.)
> some magic iptables recipe to re-direct port 25 from machine a (1.2.3.4)
> to machine b (3.4.5
> annoying.
> In summary, I can no longer receive SMTP, so I'm looking for:
> some magic iptables recipe to re-direct port 25 from machine a (1.2.3.4)
> to machine b (3.4.5.6). I've done some Googling and RTFMing, and I can
> only see how to re-direct from one port to another on t
Howdy, all. Adelphia -- God bless them -- has nixed my in-bound port 25,
so I can no longer receive e-mail on this account. Which is highly
annoying.
In summary, I can no longer receive SMTP, so I'm looking for:
some magic iptables recipe to re-direct port 25 from machine a (1.2.3.4)
to ma
Alright, FINALLY found an example for #1
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to
207.22.18.51
Now I'm working on getting #2..
> I need two rules...
>
> 1. Anybody comin' thru interface eth1 gets sent to 1.2.3.4:80
> 2. The person with the
On Tue, 17 Jun 2003, at 3:47pm, [EMAIL PROTECTED] wrote:
> > 1. Anybody comin' thru interface eth1 gets sent to 1.2.3.4:80
> > 2. The person with the IP address 10.1.2.3 is allowed to get by that
> > redirect
IPTables chains are processed in order. Rules which match the
I sent this to another list, thought I would ask around here too..
> I need two rules...
>
> 1. Anybody comin' thru interface eth1 gets sent to 1.2.3.4:80
> 2. The person with the IP address 10.1.2.3 is allowed to get by that
> redirect
>
> PLEASE HELP!
>
>
___
On Sun, 8 Jun 2003, at 3:18pm, [EMAIL PROTECTED] wrote:
> iptables -A FORWARD -i eth1 -m state --state NEW -d 0/0 -j ACCEPT
> iptables -A INPUT -i eth1 -m state --state NEW -d 0/0 -j ACCEPT
> iptables -A INPUT -i lo -m state --state NEW -d 127.0.0.1 -j ACCEPT
> iptables -A OUTPUT -m s
ds below
do exactly what you ask for (plus NAT, which you implied you wanted).
Whether or not they are a good idea is not so easily answered.
# allow by default, per your requirements
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
't know if I mentioned
that this was at home -- work's behind a Sonicwall, the crutch which has
made me ignorant of iptables -- bad!), so I don't really have a whole lot
of choice in the matter. Regardless, this is perfect -- thanks much!
-Ken
> [EMAIL PROTECTED] wrote:
>>
ould NAT (which I have
implemented) cause me any grief?
Sounds like you want something like this:
# Flush all old rules on restart
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables --table nat --flush
# Allow all state matches through
iptables -A FORWARD -m state --state ESTABLISH,RE
ed around some, but am
clearly missing the magical iptables incantation. What I'd like is pretty
darn easy, methinks, and I just haven't stumbled upon the right
permutation yet.
I've got a couple of NICs, both physical and virtual. Basically, I'd like
to restrict eth0 (my
89 matches