[plug] dropping a ip address

Brad Campbell brad at wasp.net.au
Sat Sep 20 20:02:03 WST 2003


Jon Miller wrote:
> Using iptables I would like to drop packets from an IP address.
> If I'm correct the following should work... correct?
> $IPT -A INPUT -p tcp -d 192.168.3.1 -s 61.139.60.84 -j DROP
> Am I missing something here?
> 

Is the destination address on that particular machine?
I.e. you are dropping any TCP packet from 61.139.60.84 destined to 
192.168.3.1, but being in the INPUT chain, it will only pass that chain 
if 192.168.3.1 is a local IP on that machine.

I'm doing a similar thing here but in the FORWARD chain:

$IPTABLES -A FORWARD -d 192.168.0.0/24 -j DROP

I use this box as a VPN router and control access to the VPN on a MAC 
basis. This rule is the last rule in the chain. Prior to that I have:

$IPTABLES -A FORWARD -m mac --mac-source 00:00:39:E6:40:A2 -j ACCEPT

which allows the relevant machine access to the 192.168.0.0/24 network.

Brad

_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
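
Added example (not part of the original post or the list archive): a simplified Python model of the chain selection and first-match rule ordering discussed in the reply above. The local addresses 192.168.3.254 and 10.0.0.1, the destination 192.168.0.10, the non-matching MAC and the default ACCEPT policy are assumptions made for illustration.

```python
# Simplified model of netfilter chain selection and first-match rule evaluation.
# Constructed for illustration; real netfilter has more hooks, tables and matches.
from ipaddress import ip_address, ip_network

def chain_for(dst, local_ips):
    """Routing decision: locally addressed packets hit INPUT, the rest FORWARD."""
    return "INPUT" if dst in local_ips else "FORWARD"

def matches(rule, pkt):
    """A rule matches when every criterion it specifies agrees with the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "src" in rule and ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    if "dst" in rule and ip_address(pkt["dst"]) not in ip_network(rule["dst"]):
        return False
    if "mac" in rule and rule["mac"].lower() != pkt["mac"].lower():
        return False
    return True

def verdict(pkt, local_ips, ruleset, policy="ACCEPT"):
    """Return (chain, target): first matching rule wins, else the chain policy."""
    chain = chain_for(pkt["dst"], local_ips)
    for rule in ruleset.get(chain, []):
        if matches(rule, pkt):
            return chain, rule["target"]
    return chain, policy

# Rules from the thread, expressed as dicts (rule order is preserved).
JON = {"INPUT": [{"proto": "tcp", "src": "61.139.60.84",
                  "dst": "192.168.3.1", "target": "DROP"}]}
BRAD = {"FORWARD": [
    {"mac": "00:00:39:E6:40:A2", "target": "ACCEPT"},
    {"dst": "192.168.0.0/24", "target": "DROP"},
]}

# Constructed sample packet matching Jon's rule criteria (MAC is made up).
PKT = {"proto": "tcp", "src": "61.139.60.84", "dst": "192.168.3.1",
       "mac": "00:11:22:33:44:55"}

if __name__ == "__main__":
    # 192.168.3.1 is local to the firewall: the INPUT rule drops the packet.
    print(verdict(PKT, {"192.168.3.1"}, JON))
    # 192.168.3.1 is behind the firewall: FORWARD is used, INPUT rule never runs.
    print(verdict(PKT, {"192.168.3.254"}, JON))
    # Brad's setup: the allowed MAC is accepted, any other source is dropped.
    vpn = dict(PKT, dst="192.168.0.10")
    print(verdict(dict(vpn, mac="00:00:39:e6:40:a2"), {"10.0.0.1"}, BRAD))
    print(verdict(vpn, {"10.0.0.1"}, BRAD))
```

The second case is the one the reply warns about: the rule is syntactically fine but sits in a chain the packet never traverses, so the drop has to go in FORWARD when the box is routing for 192.168.3.1.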

