Of course you can protect your nets, I suggest the following rules:

iptables -A INPUT -i eth0 -s 192.168.0.0/16 -d $LOCAL-IP -j ACCEPT
iptables -A INPUT -i eth0 -s 172.16.0.0/16 -d $LOCAL-IP -j ACCEPT

guessing the default policy is drop for input ...

cu
bruno

holger.schletz@web.de wrote on 10.09.2003 11:03:37:

Thanks, that helped.
I tried this before, but only on the INPUT chain. Too busy to see the obvious :-]
However, adding a ruleset for the INPUT chain is still necessary to protect the interfaces on the router itself, as these are not handled by the FORWARD chain.
Bye, Holger

On Tuesday, 9 September 2003 08:40, BLeonhardt@analytek.de wrote:
Hi,
a rule like

iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -d 172.16.0.0/16 -j DROP
iptables -A FORWARD -i eth0 -s 172.16.0.0/16 -d 192.168.0.0/16 -j DROP

wouldn't work?
Best regards
Bruno Leonhardt
LPI Level 1 Certified Watchguard Certified System Professional CLP Domino R5 Systemadministrator
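
The chain split discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of the filter-table decision (packets addressed to the router go to INPUT, everything else to FORWARD), run over the rules quoted above. The router address 192.168.0.1, the ACCEPT policy on FORWARD and the sample packets are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed router address standing in for $LOCAL-IP (assumption).
LOCAL_IP = "192.168.0.1"

# Rules from the thread as (in_iface, source, destination, target).
FORWARD_RULES = [
    ("eth0", "192.168.0.0/16", "172.16.0.0/16", "DROP"),
    ("eth0", "172.16.0.0/16", "192.168.0.0/16", "DROP"),
]
INPUT_RULES = [
    ("eth0", "192.168.0.0/16", LOCAL_IP + "/32", "ACCEPT"),
    ("eth0", "172.16.0.0/16", LOCAL_IP + "/32", "ACCEPT"),
]


def pick_chain(dst, local_ips):
    """Routing decision: local destination -> INPUT, otherwise FORWARD."""
    return "INPUT" if dst in local_ips else "FORWARD"


def run_chain(rules, policy, iface, src, dst):
    """Return the target of the first matching rule, or the chain policy."""
    for r_iface, r_src, r_dst, target in rules:
        if (iface == r_iface
                and ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)):
            return target
    return policy


def verdict(iface, src, dst, input_rules, input_policy,
            forward_rules=FORWARD_RULES, forward_policy="ACCEPT"):
    """Return (chain, target); the FORWARD policy is an assumption."""
    if pick_chain(dst, {LOCAL_IP}) == "INPUT":
        return "INPUT", run_chain(input_rules, input_policy, iface, src, dst)
    return "FORWARD", run_chain(forward_rules, forward_policy, iface, src, dst)


if __name__ == "__main__":
    # Constructed packets: net to net, net to router, other source to router.
    packets = [("eth0", "192.168.1.5", "172.16.3.4"),
               ("eth0", "192.168.1.5", LOCAL_IP),
               ("eth0", "10.0.0.7", LOCAL_IP)]
    for pkt in packets:
        print(pkt, "FORWARD rules only:", verdict(*pkt, [], "ACCEPT"),
              "| with INPUT rules:", verdict(*pkt, INPUT_RULES, "DROP"))
```

With only the FORWARD rules loaded, the packet from 10.0.0.7 to the router is never evaluated against them; it is the INPUT rules with a DROP policy that stop it.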