Mailinglist Archive: opensuse (929 mails)

[opensuse] iptables: is PREROUTING nat before or after PREROUTING filter?
Hi,

I have had quite enough of certain probes and am planning to completely
block all known networks from China as well as from Gaza/.ps. The respective
CSV files are available.

The more interesting question is, where do I put the rules as
intelligently as possible? I want to block the IPs for INPUT (to the fw
host itself) as well as for FORWARD, but simply pushing the rules twice,
once into each chain, appears a huge waste of mem to me (those are quite
a couple of rules...).

I was thinking of pushing the rules into PREROUTING but the question is
if PREROUTING filter comes before or after PREROUTING nat, because in
PREROUTING nat I already have the forwarding rules for the port NAT.

-S

--
(o_ Stefan Gofferje | SCLT, MCP, CCSA
//\ Reg'd Linux User #247167 | VCP #2263
V_/_ Heckler & Koch - the original point and click interface
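
Added example, not part of the original post: the filter table has no PREROUTING chain; the raw and mangle PREROUTING chains are traversed before nat PREROUTING, so a single source match there covers both traffic to the firewall and forwarded traffic. The sketch below turns a CSV into one ipset and emits a single rule that references it; the CSV layout (network/prefix,country), the set name geoblock and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed CSV layout (constructed): network/prefix,country
SET_NAME=geoblock   # hypothetical set name

# Constructed sample input using documentation address ranges.
sample_csv() {
    cat <<'EOF'
network,country
192.0.2.0/24,CN
"198.51.100.0/25",CN
203.0.113.0/24,PS
192.0.2.0/24,CN
300.1.1.0/24,CN
10.0.0.0/33,PS
EOF
}

# CSV on stdin -> "ipset restore" input. Header lines, malformed or
# out-of-range entries and duplicates are skipped.
csv_to_ipset() {
    printf 'create %s hash:net family inet\n' "$SET_NAME"
    awk -F, -v set="$SET_NAME" '
        { gsub(/[ \t\r"]/, "", $1) }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            split($1, p, "[./]")
            if (p[1] > 255 || p[2] > 255 || p[3] > 255 || p[4] > 255) next
            if (p[5] < 1 || p[5] > 32) next
            if (!seen[$1]++) print "add " set " " $1
        }'
}

# iptables-restore fragment referencing the set.
#   raw:    one rule in raw PREROUTING, traversed before nat PREROUTING
#   filter: one rule each at the top of INPUT and FORWARD, same set
blocklist_rules() {
    case "${1:-raw}" in
    raw)    printf '%s\n' '*raw' \
                "-A PREROUTING -m set --match-set $SET_NAME src -j DROP" COMMIT ;;
    filter) printf '%s\n' '*filter' \
                "-I INPUT 1 -m set --match-set $SET_NAME src -j DROP" \
                "-I FORWARD 1 -m set --match-set $SET_NAME src -j DROP" COMMIT ;;
    *)      return 1 ;;
    esac
}

sample_csv | csv_to_ipset   # pipe into: ipset -exist restore
blocklist_rules raw         # pipe into: iptables-restore --noflush
```

Either variant stores the networks once in the set, whichever chains reference it. A source match in raw PREROUTING also drops replies from those networks to connections opened from the inside.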

