Mailinglist Archive: opensuse (929 mails)

< Previous Next >
Re: [opensuse] iptables: is PREROUTING nat before or after PREROUTING filter?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Mon, 24 Mar 2014 08:07:14 +0100
  • Message-id: <lgoljd$drs$1@saturn.local.net>
Stefan Gofferje wrote:

Hi,

I have fairly enough of certain probes and am planning to completely
block all known networks from China as well as from Gaza/.ps.
Respective CSV files are available.

The more interesting question is, where do I put the rules as
intelligently as possible? I want to block the IPs for INPUT (to the
fw host itself) as well as for FORWARD, but simply pushing the rules
twice, once into each chain, appears a huge waste of mem to me (those
are quite a couple of rules...).

Do you need the memory for anything else ? :-)



--
Per Jessen, Zürich (3.9°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References