Mailinglist Archive: opensuse-security (334 mails)

Re: [suse-security] Unwanted routing between subnets
  • From: "Marc Samendinger" <marc.samendinger@xxxxxxxxxxxx>
  • Date: Wed, 10 Sep 2003 11:43:54 +0200
  • Message-id: <02631EB8007CF7488B0A7D4B6BF921CE255B8D@xxxxxxxxxxxxxxxxxxxxx>
> -----Original Message-----
> From: Marc Samendinger
> Sent: Wednesday, September 10, 2003 11:26 AM
> >
> > Thanks, that helped.
> >
> > I tried this before, but only on the INPUT chain. Too busy to see the
> > obvious :-]
> >
> > However, adding a ruleset for the INPUT chain is still necessary to
> > protect the interfaces on the router itself, as these are not handled
> > by the FORWARD chain.
>
> Since the INPUT chain is only responsible for packets
> destined to local services on your router, there should
> be no packet that matches
>
> > iptables -A INPUT -i eth0 -s 192.168.0.0/16 -d 172.16.0.0/16 -j DROP
> > iptables -A INPUT -i eth0 -s 172.16.0.0/16 -d 192.168.0.0/16 -j DROP

Sorry for this misleading statement, please forget this post.
I should have reread your post.

> if I really understood you right and you wanted to block
> the packets like that.
>
> this behaviour changed between ipchains and iptables.
>
> > Bye,
> > Holger

Again, I'm sorry for my misleading post and the unnecessary noise.

marc

