[leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
how do we stop masqueraded connections to a given remote port?
this does not work in /etc/ipchains.forward:
$IPCH -I forward -j DENY -p udp -s 192.168.0.0/16 -d 0.0.0.0 1214
$IPCH -I forward -j DENY -p tcp -s 192.168.0.0/16 -d 0.0.0.0 1214
what do you think?
--
Best Regards,
mds mds resour

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
"Michael D. Schleif" wrote:
>
> how do we stop masqueraded connections to a given remote port?
>
> this does not work in /etc/ipchains.forward:
>
> $IPCH -I forward -j DENY -p udp -s 192.168.0.0/16 -d 0.0.0.0 1214
> $IPCH -I forward -j DENY -p tcp -s 192.168.0.0/16 -d 0.0.0.0 1214
>
> what do

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Ray Olszewski
Michael -- Your report is a bit fragmentary, but even so, the input- and output-chain rules you propose look like they should work. (I'm not sure about the forward-chain rules because I'm a bit fuzzy on whether and when NAT changes the apparent source address). But as you know, evaluating rul

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
Ray =>
Thank you, for your participation.
Ray Olszewski wrote:
>
> Your report is a bit fragmentary, but even so, the input- and output-chain
> rules you propose look like they should work. (I'm not sure about the
> forward-chain rules because I'm a bit fuzzy on whether and when NAT changes
> t

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Ray Olszewski
Michael -- Thanks for the additional information. I see you have the rules you were describing at the top of the input chain and before the only ACCEPT rule in the output chains, so you should not be having order problems with them. And all the interface specifications appear to be correct. T

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Michael D. Schleif
Ray =>
Thank you, again . . .
Ray Olszewski wrote:
>
> Thanks for the additional information. I see you have the rules you were
> describing at the top of the input chain and before the only ACCEPT rule in
> the output chains, so you should not be having order problems with them.
> And all the

Re: [leaf-user] stop connection to remote port ???

2002-06-15 Thread Ray Olszewski
Responses interspersed below.
At 03:55 PM 6/15/02 -0500, Michael D. Schleif wrote:
>Ray =>
>
>Thank you, again . . .
>
>Ray Olszewski wrote:
> >
> > Thanks for the additional information. I see you have the rules you were
> > describing at the top of the input chain and before the only ACCEPT rul