Mailinglist Archive: opensuse-security (334 mails)

Re: Re: [suse-security] Unwanted routing between subnets
  • From: BLeonhardt@xxxxxxxxxxx
  • Date: Wed, 10 Sep 2003 11:30:14 +0200
  • Message-id: <OF59EBE907.7D780923-ONC1256D9D.0033F63D-C1256D9D.00333CDD@xxxxxxxxxxx>
Of course you can protect your nets. I suggest the following rules:

iptables -A INPUT -i eth0 -s 192.168.0.0/16 -d $LOCAL_IP -j ACCEPT
iptables -A INPUT -i eth0 -s 172.16.0.0/16 -d $LOCAL_IP -j ACCEPT

guessing the default policy is drop for input ...

cu
bruno

holger.schletz@xxxxxx wrote on 10.09.2003 11:03:37:

> Thanks, that helped.
>
> I tried this before, but only on the INPUT chain. Too busy to see the
> obvious :-]
>
> However, adding a ruleset for the INPUT chain is still necessary to
> protect the interfaces on the router itself, as these are not handled
> by the FORWARD chain.
>
> Bye,
> Holger
>
> On Tuesday, 9 September 2003 08:40, BLeonhardt@xxxxxxxxxxx wrote:
> > Hi,
> >
> > a rule like
> >
> > iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -d 172.16.0.0/16 -j DROP
> > iptables -A FORWARD -i eth0 -s 172.16.0.0/16 -d 192.168.0.0/16 -j DROP
> >
> > wouldn't work ?
> >
> > Best regards
> > Bruno Leonhardt
> >
> > LPI Level 1 Certified
> > Watchguard Certified System Professional
> > CLP Domino R5 Systemadministrator

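Holger's remark that the FORWARD chain does not cover the router's own interfaces can be checked with a small model of netfilter's chain selection. The following Python code is an added example, not part of the original mails; the router addresses 192.168.0.1 and 172.16.0.1, the sample host and all function names are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the thread):
ROUTER_IPS = {ip_address("192.168.0.1"), ip_address("172.16.0.1")}
HOST_B = "172.16.5.9"  # a host in 172.16.0.0/16

NET_A = ip_network("192.168.0.0/16")
NET_B = ip_network("172.16.0.0/16")

# (in-interface, source net, destination net, target), as posted in the thread
FORWARD_RULES = [
    ("eth0", NET_A, NET_B, "DROP"),
    ("eth0", NET_B, NET_A, "DROP"),
]

def input_rules(local_ip):
    """The two INPUT ACCEPT rules from the thread for one local address."""
    dst = ip_network(f"{local_ip}/32")
    return [("eth0", NET_A, dst, "ACCEPT"), ("eth0", NET_B, dst, "ACCEPT")]

def chain_for(dst):
    """Routing decision: a destination the router owns goes to INPUT."""
    return "INPUT" if ip_address(dst) in ROUTER_IPS else "FORWARD"

def verdict(iface, src, dst, in_rules, input_policy, forward_policy="ACCEPT"):
    """Return (chain, target): first matching rule wins, else the policy."""
    chain = chain_for(dst)
    if chain == "INPUT":
        rules, policy = in_rules, input_policy
    else:
        rules, policy = FORWARD_RULES, forward_policy
    for r_if, r_src, r_dst, target in rules:
        if iface == r_if and ip_address(src) in r_src and ip_address(dst) in r_dst:
            return chain, target
    return chain, policy

if __name__ == "__main__":
    # FORWARD rules only, INPUT policy ACCEPT
    print(verdict("eth0", HOST_B, "192.168.7.7", [], "ACCEPT"))  # other subnet
    print(verdict("eth0", HOST_B, "192.168.0.1", [], "ACCEPT"))  # router itself
    # Thread's INPUT rules for LOCAL_IP=172.16.0.1, INPUT policy DROP
    rules = input_rules("172.16.0.1")
    print(verdict("eth0", HOST_B, "192.168.0.1", rules, "DROP"))
    print(verdict("eth0", HOST_B, "172.16.0.1", rules, "DROP"))
```

With only the FORWARD rules, the packet to the router's own 192.168.0.1 address never reaches FORWARD and is accepted on INPUT; it is dropped once the INPUT policy is DROP and only traffic to the chosen local address is accepted.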