Re: [suse-security] Unwanted routing between subnets
-----Original Message----- From: Marc Samendinger Sent: Wednesday, September 10, 2003 11:26 AM
Thanks, that helped.
I tried this before, but only on the INPUT chain. Too busy to see the obvious :-]
However, adding a ruleset for the INPUT chain is still necessary to protect the interfaces on the router itself, as these are not handled by the FORWARD chain.
Since the INPUT chain is only responsible for packets destined for local services on your router, there should be no packet that matches
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -d 172.16.0.0/16 -j DROP
iptables -A INPUT -i eth0 -s 172.16.0.0/16 -d 192.168.0.0/16 -j DROP
Sorry for this misleading statement, please forget this post. I should have reread your post
if I really understood you right and you wanted to block the packets like that.
This behaviour changed between ipchains and iptables.
Bye, Holger
Again, I'm sorry for my misleading post and the unnecessary noise.
marc
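
Added example, not part of the original thread: a simplified Python model of the netfilter routing decision, showing which constructed sample packets the two rules quoted above catch when they are appended to INPUT versus FORWARD. The router addresses 192.168.0.1 and 172.16.0.1 are assumptions (the thread does not give them), and the model ignores OUTPUT, broadcast traffic and any other rules.

```python
import ipaddress

# Assumed for illustration: the router's own addresses (not given in the thread).
ROUTER_ADDRS = {ipaddress.ip_address("192.168.0.1"),
                ipaddress.ip_address("172.16.0.1")}

# The two rules from the thread: (in-interface, source net, destination net, target).
RULES = [
    ("eth0", "192.168.0.0/16", "172.16.0.0/16", "DROP"),
    ("eth0", "172.16.0.0/16", "192.168.0.0/16", "DROP"),
]

# Constructed sample packets: (in-interface, source, destination, description).
PACKETS = [
    ("eth0", "192.168.0.5", "172.16.0.9", "routed between subnets"),
    ("eth0", "172.16.0.9", "192.168.0.5", "routed, reverse direction"),
    ("eth0", "192.168.0.5", "172.16.0.1", "to router's far-side address"),
    ("eth0", "192.168.0.5", "192.168.0.1", "to router's near-side address"),
]

def chain_for(dst):
    """Routing decision for an incoming packet: local delivery or forwarding."""
    return "INPUT" if ipaddress.ip_address(dst) in ROUTER_ADDRS else "FORWARD"

def verdict(rules_chain, iface, src, dst, policy="ACCEPT"):
    """Verdict when RULES sit in rules_chain and every other chain is empty."""
    if chain_for(dst) != rules_chain:
        return policy  # the packet never traverses the chain holding the rules
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r_if, r_src, r_dst, target in RULES:
        if (iface == r_if and s in ipaddress.ip_network(r_src)
                and d in ipaddress.ip_network(r_dst)):
            return target
    return policy

def report():
    """One row per sample packet: (description, chain, INPUT verdict, FORWARD verdict)."""
    return [(note, chain_for(dst),
             verdict("INPUT", iface, src, dst),
             verdict("FORWARD", iface, src, dst))
            for iface, src, dst, note in PACKETS]

if __name__ == "__main__":
    for note, chain, on_input, on_forward in report():
        print(f"{note:30} chain={chain:8} "
              f"rules on INPUT: {on_input:7} rules on FORWARD: {on_forward}")
```

With the rules on INPUT, both routed packets are accepted; the only sample packet they drop is the one addressed to the router's own address in the other subnet, which is the case the INPUT ruleset exists to cover.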