-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 02 June 2003 23.36, Anders Johansson wrote:
On Monday 02 June 2003 23.33, Rikard Johnels wrote:
I used the line: iptables -A INPUT -s xxx.xxx.xxx.xxx -d 0/0 --proto all -j DROP" to drop the connection, but it failed to kill the trensfer.
Hardly surprising. Try using -I instead of -A. If you're running the SuSEfirewall2, the packets will be in the input_ext chain long before your rule is hit if you use -A
Idont use SuSEFirewall. Its a "cheat" i recieved from a friend. Not much rukes in it. Basic NAT and two redirects only... modprobe iptable_nat modprobe ipt_MASQUERADE iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 21 -j DNAT --to-destination xxx.xxx.xxx.xxx:21 iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j DNAT --to-destination xxx.xxx.xxx.xxx:80 I know it aint the best one... I run the firewall on a Alpha, so the SuSEFirewall2 isnt (or wasnt) available when i set it up. I am in the process or evaluating the 8.1 for AXP at the moment to see if it is usable on my Alphastation... I have been suggested a BSD wall, but i'd rather stay with SuSE if i can.. - -- /Rikard - ------------------------------------------------------------------------------------ Rikard Johnels email : rjhn@linux.nu Web : http://www.rikjoh.com Mob : +46 70 464 99 39 - ------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE+28ZKWdS2eEYc7lYRAs9XAJ9WV8ONBEbnFjXLj9wOZW0Ag4iDtwCgl7di /7RKSqic+5WJelLkz+l7M/U= =vd0j -----END PGP SIGNATURE-----