[plug] dropping a ip address
Brad Campbell
brad at wasp.net.au
Sat Sep 20 20:02:03 WST 2003
Jon Miller wrote:
> Using iptables I would like to drop packets from an IP address.
> If I'm correct the following should work.... correct?
> $IPT -A INPUT -p tcp -d 192.168.3.1 -s 61.139.60.84 -j DROP
> Am I missing something here?
>
Is the destination address on that particular machine?
i.e. you are dropping any TCP packet from 61.139.60.84 destined to
192.168.3.1, but being in the INPUT chain, it will only pass that chain
if 192.168.3.1 is a local IP on that machine.
I'm doing a similar thing here, but in the FORWARD chain:
$IPTABLES -A FORWARD -d 192.168.0.0/24 -j DROP
I use this box as a VPN router and control access to the VPN on a MAC
basis. This rule is the last rule in the chain. Prior to that I have:
$IPTABLES -A FORWARD -m mac --mac-source 00:00:39:E6:40:A2 -j ACCEPT
which allows the relevant machine access to the 192.168.0.0/24 network.
Brad
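
The chain-selection and rule-order points in the reply above, as an added Python model that is not part of the original post and is not iptables itself. It combines the thread's three rules in one rule set; the local address sets, the default ACCEPT policy and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed model (not iptables itself): routing sends a packet addressed to one
# of the firewall's own IPs through INPUT, and a packet routed onward through FORWARD.
def chain_for(dst, local_ips):
    return "INPUT" if dst in local_ips else "FORWARD"

def matches(rule, pkt):
    """A rule matches only if every criterion it specifies agrees with the packet."""
    if "proto" in rule and rule["proto"] != pkt.get("proto"):
        return False
    if "mac" in rule and rule["mac"].lower() != pkt.get("mac", "").lower():
        return False
    return all(ipaddress.ip_address(pkt[k]) in ipaddress.ip_network(rule[k])
               for k in ("src", "dst") if k in rule)

def verdict(rules, pkt, local_ips, policy="ACCEPT"):
    """First matching rule wins; with no match the chain policy (assumed ACCEPT) applies."""
    chain = chain_for(pkt["dst"], local_ips)
    for rule in rules.get(chain, []):
        if matches(rule, pkt):
            return chain, rule["target"]
    return chain, policy

# The three rules quoted in the thread, in -A (append) order.
RULES = {
    "INPUT": [{"proto": "tcp", "src": "61.139.60.84", "dst": "192.168.3.1", "target": "DROP"}],
    "FORWARD": [{"mac": "00:00:39:E6:40:A2", "target": "ACCEPT"},
                {"dst": "192.168.0.0/24", "target": "DROP"}],
}
# Constructed sample packets.
BLOCKED = {"proto": "tcp", "src": "61.139.60.84", "dst": "192.168.3.1"}
VPN_OK = {"proto": "tcp", "src": "10.0.0.5", "dst": "192.168.0.10", "mac": "00:00:39:e6:40:a2"}
VPN_OTHER = dict(VPN_OK, mac="00:11:22:33:44:55")

if __name__ == "__main__":
    print(verdict(RULES, BLOCKED, {"192.168.3.1"}))  # address is local: INPUT rule applies
    print(verdict(RULES, BLOCKED, set()))            # address is behind the box: INPUT never sees it
    print(verdict(RULES, VPN_OK, set()))             # MAC ACCEPT is reached before the final DROP
    print(verdict(RULES, VPN_OTHER, set()))          # any other MAC falls through to the DROP
    swapped = dict(RULES, FORWARD=RULES["FORWARD"][::-1])
    print(verdict(swapped, VPN_OK, set()))           # DROP appended first shadows the ACCEPT
```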