sond wrote: > > Analizing all the chains I notice that in the INPUT and OUTPUT chains > there is the specification for the input and output interfaces, but > there is no specification for the fw ip like 127.0.0.1 or 192.168.0.1 > (I've two NICs).
That is because only packets addressed to local addresses (like 127.0.0.1 or 192.168.0.1) enter the INPUT chain. That is controlled by routing and the iptables ruleset doesn't have to filter packets in the INPUT chain for their destination IP address. For more reading, see: http://www1.shorewall.net/NetfilterOverview.html http://www1.shorewall.net/PacketHandling.html http://www1.shorewall.net/Shorewall_and_Routing.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
