[plug] iptables

craig at postnewspapers.com.au
Wed Jan 9 14:33:07 WST 2002


> I'm trying to specify two different IP addresses in a statement that are
> on completely different networks to be exempted by the rule, e.g. like this:
> 
> iptables -t nat -A PREROUTING -i eth0 -s ! 192.168.0.1 -p tcp -j DROP
>
> Is it possible?
Not as you're trying to do it. What you want to do is use the following
lines instead: (Where 192.168.5.7 is your second IP)

iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.1 -p tcp -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -s ! 192.168.5.7 -p tcp -j DROP

Remember, firewalling rules in iptables/ipchains are parsed in order
until one matches with a specified action, in which case the action 
is applied to the packet and no further rules are traversed. (Log 
rules, of course, just log the packet and aren't considered "action" rules).

It's weird, but you get used to it fast.


-- 
Craig Ringer
IT Manager, POST Newspapers
http://www.postnewspapers.com.au/    http://oberthur.dyndns.org/~craig/
GPG Key Fingerprint: AF1C ABFE 7E64 E9C8 FC27  C16E D3CE CDC0 0E93 380D
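An added example, not part of the post above: a small POSIX sh model of how
iptables walks a chain, used to check the two-rule answer under the first-match
rule described in the reply (terminating targets stop traversal, LOG does not),
and to print the same rules in current iptables syntax. The rule list, the
extra LOG rule, the packet sources and the chain name INPUT are constructed for
this example; nothing here runs iptables or touches the kernel. Two things
differ from the 2002 commands: current iptables writes negation as "! -s"
(the older "-s !" form was removed), and it refuses DROP in the nat table, so
the rules are shown for the filter table.

```shell
#!/bin/sh
# Constructed model of an iptables chain (added example, not the post's code).
# One rule per line: "<neg> <source> <target>"
#   <neg>    "!" inverts the source match (iptables "! -s"), "-" means no inversion
#   <source> an exact IPv4 address, or 0.0.0.0/0 for "any"
#   <target> ACCEPT and DROP terminate traversal; LOG does not
CHAIN='- 192.168.0.1 ACCEPT
- 0.0.0.0/0 LOG
! 192.168.5.7 DROP'

# rule_matches <packet-src> <neg> <rule-src>: exit 0 if the rule's source test hits
rule_matches() {
    if [ "$3" = "0.0.0.0/0" ] || [ "$3" = "$1" ]; then hit=0; else hit=1; fi
    # "!" inverts the result, exactly like "! -s <addr>"
    if [ "$2" = "!" ]; then [ "$hit" -ne 0 ]; else [ "$hit" -eq 0 ]; fi
}

# verdict <packet-src> [policy]: print the target of the first terminating rule
# that matches, or the chain policy (assumed ACCEPT) if traversal falls off the end.
verdict() {
    src=$1
    policy=${2:-ACCEPT}
    printf '%s\n' "$CHAIN" | {
        result=$policy
        while read -r neg addr target; do
            rule_matches "$src" "$neg" "$addr" || continue
            case $target in
                LOG)
                    # LOG only records the packet; the next rule is still consulted
                    echo "log: tcp from $src" >&2 ;;
                *)
                    # first terminating match wins; nothing after it is looked at
                    result=$target
                    break ;;
            esac
        done
        echo "$result"
    }
}

# iptables_rules [chain]: print CHAIN as iptables commands in current syntax.
# The chain name is an assumption (INPUT for local delivery; FORWARD for routed
# traffic); the filter table is used because current iptables refuses DROP in nat.
iptables_rules() {
    chain=${1:-INPUT}
    printf '%s\n' "$CHAIN" | while read -r neg addr target; do
        if [ "$neg" = "!" ]; then src="! -s $addr"; else src="-s $addr"; fi
        echo "iptables -A $chain -i eth0 $src -p tcp -j $target"
    done
}

# Demo: the generated rules, then the verdict for the two exempt hosts and a stranger
iptables_rules
for ip in 192.168.0.1 192.168.5.7 10.0.0.9; do
    echo "$ip -> $(verdict "$ip")"
done
```

Note what the model makes visible: 192.168.5.7 is never ACCEPTed by a rule; the
negated DROP simply does not match it, so it reaches the end of the chain and
gets the policy. With a DROP policy (`verdict 192.168.5.7 DROP`) the second
address is dropped after all, so a chain with a deny policy needs an explicit
ACCEPT for each exempt host rather than a single negated DROP.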