Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] Unwanted routing between subnets
  • From: "Marc Samendinger" <marc.samendinger@xxxxxxxxxxxx>
  • Date: Wed, 10 Sep 2003 11:26:22 +0200
  • Message-id: <02631EB8007CF7488B0A7D4B6BF921CE255B8A@xxxxxxxxxxxxxxxxxxxxx>
> -----Original Message-----
> From: Holger Schletz [mailto:h.schletz@xxxxxxxxx]
> Sent: Wednesday, September 10, 2003 11:04 AM
>
> Thanks, that helped.
>
> I tried this before, but only on the INPUT chain. Too busy to
> see the obvious
> :-]
>
> However, adding a ruleset for the INPUT chain is still
> necessary to protect
> the interfaces on the router itself, as these are not handled
> by the FORWARD
> chain.

since the INPUT chain is only responsible for packets
destinated to local services on your Router there should
be no packet that matches

> iptables -A INPUT -i eth0 -s 192.168.0.0/16 -d 172.16.0.0/16 -j DROP
> iptables -A INPUT -i eth0 -s 172.16.0.0/16 -d 192.168.0.0/16 -j DROP

if I really unterstood you right and you wanted to block
the packets like that.

this behaviour changed between ipchains and iptables.

> Bye,
> Holger

marc

< Previous Next >