-----Original Message-----
From: Holger Schletz [mailto:h.schletz@dokom.net]
Sent: Wednesday, September 10, 2003 11:04 AM
Thanks, that helped.
I tried this before, but only on the INPUT chain. Too busy to see the obvious :-]
However, adding a ruleset for the INPUT chain is still necessary to protect the interfaces on the router itself, as these are not handled by the FORWARD chain.
Since the INPUT chain is only responsible for packets destined for local services on your router, there should be no packet that matches

    iptables -A INPUT -i eth0 -s 192.168.0.0/16 -d 172.16.0.0/16 -j DROP
    iptables -A INPUT -i eth0 -s 172.16.0.0/16 -d 192.168.0.0/16 -j DROP

if I really understood you right and you wanted to block the packets like that. This behaviour changed between ipchains and iptables.
Bye, Holger
marc
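
The following is an added example, not code from either poster: a simplified Python model of the netfilter routing decision, showing which packets the two quoted rules catch when they are loaded in INPUT versus FORWARD. The router addresses 192.168.0.1 and 172.16.0.1 are constructed assumptions, and the chain that does not hold the rules is assumed empty with policy ACCEPT.

```python
from ipaddress import ip_address, ip_network

# Constructed router interface addresses (assumption, not from the thread).
LOCAL_ADDRS = {ip_address("192.168.0.1"), ip_address("172.16.0.1")}

# The two rules quoted in the thread: (in-interface, source net, destination net).
RULES = [
    ("eth0", ip_network("192.168.0.0/16"), ip_network("172.16.0.0/16")),
    ("eth0", ip_network("172.16.0.0/16"), ip_network("192.168.0.0/16")),
]


def chain_for(dst):
    """Routing decision: a packet addressed to the router itself traverses
    INPUT, anything that is routed through traverses FORWARD."""
    return "INPUT" if ip_address(dst) in LOCAL_ADDRS else "FORWARD"


def verdict(rules_chain, in_iface, src, dst):
    """Verdict when RULES are loaded only in rules_chain."""
    if chain_for(dst) != rules_chain:
        return "ACCEPT"  # packet never traverses the chain holding the rules
    s, d = ip_address(src), ip_address(dst)
    for iface, snet, dnet in RULES:
        if in_iface == iface and s in snet and d in dnet:
            return "DROP"
    return "ACCEPT"


if __name__ == "__main__":
    # Constructed sample packets arriving on eth0.
    packets = [
        ("192.168.3.4", "172.16.5.9"),   # routed to a host behind the router
        ("192.168.3.4", "172.16.0.1"),   # addressed to the router's far-side interface
    ]
    for src, dst in packets:
        for chain in ("INPUT", "FORWARD"):
            print(f"{src} -> {dst}: rules in {chain:7} => "
                  f"{verdict(chain, 'eth0', src, dst)}")
```

In this model the routed packet is dropped only when the rules sit in FORWARD, while the packet addressed to the router's own interface is dropped only when they sit in INPUT.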