From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: travelling the tables and chains...
Date: Tue, 5 Apr 2005 00:28:28 -0400
Message-ID: <20050405042828.GA1197@bender.817west.com>
In-Reply-To: <4250A5A6.6040509@lorenzutti.com.ar>

On Sun, Apr 03, 2005 at 11:25:42PM -0300, Guido Lorenzutti wrote:
> Hi people, I would like to clean up my firewall script by creating new
> chains in the filter table. Like this:
>
> iptables -N FORWARD_WAN_TO_LAN
>
> Then, call the traffic in the FORWARD chain:
>
> iptables -A FORWARD -i $WAN -o $LAN -j FORWARD_WAN_TO_LAN
>
> Now how can I discriminate the DNATed packets from that rule? Is it OK if
> I MARK them in the PREROUTING chain and create a rule BEFORE in the
> FORWARD chain to check if the packet is MARKed then -j DNATED_WAN_TO_LAN?
>
> Any better ideas?

MARK-ing is a pretty decent general-purpose way of keeping track of
where a packet has been. In your case--if you need to find all DNAT-ed
packets, you could use the more specialized:

  "-m conntrack --ctstate DNAT"

to match a DNAT-ed packet.

--
"Baby needs to suck ash. Baby needs to suck ash. Not ass, you pervert.
Save it for the interns."
--Family Guy
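
The rule layout discussed in this thread, as an added example that is not
part of the original messages: the DNAT match is placed before the general
WAN-to-LAN jump so DNAT-ed connections reach their own chain first. The
function name and the IPT dry-run variable are hypothetical; the chain names
and the conntrack match come from the messages above.

```shell
#!/bin/sh
# Added example, not from the original thread.
# IPT defaults to a dry run that only prints each command; set
# IPT=iptables (as root) to actually load the rules.
IPT="${IPT:-echo iptables}"

# dnat_split_rules WAN_IF LAN_IF  (hypothetical helper name)
dnat_split_rules() {
    wan="$1"
    lan="$2"

    # User-defined chains in the filter table, one per traffic class.
    $IPT -N DNATED_WAN_TO_LAN
    $IPT -N FORWARD_WAN_TO_LAN

    # Order matters: rules are evaluated top to bottom, so the DNAT
    # match has to precede the catch-all WAN->LAN jump.
    # "--ctstate DNAT" is a virtual conntrack state: it matches when the
    # connection's original destination differs from its reply source,
    # which is the case after a DNAT rule in nat/PREROUTING rewrote it.
    $IPT -A FORWARD -i "$wan" -o "$lan" \
        -m conntrack --ctstate DNAT -j DNATED_WAN_TO_LAN

    # Everything else crossing WAN->LAN.
    $IPT -A FORWARD -i "$wan" -o "$lan" -j FORWARD_WAN_TO_LAN

    # Caveat: a packet that reaches the end of DNATED_WAN_TO_LAN without
    # a terminating verdict returns to FORWARD and will then also enter
    # FORWARD_WAN_TO_LAN. End the DNAT chain with an explicit verdict
    # if that fall-through is not wanted.
}
```

Calling `dnat_split_rules eth0 eth1` (interface names assumed) prints the four
commands for review before they are applied with IPT=iptables.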