From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter@lists.netfilter.org
Subject: Re: matching -d to a given interface without specifying ip address
Date: Fri, 08 Sep 2006 11:26:36 +0200
Message-ID: <4501374C.6000207@plouf.fr.eu.org>
In-Reply-To: <44FA068C.1000202@nth.ca>

Hello,

Dmitri wrote:
>
> Is there a way to define a condition "those packets whose destination is
> the IP address of the given interface" without specifying the actual IP
> address? (it changes, thus needs to be detected and updated)

None that I'm aware of.

> I want to be able to distinguish those packets addressed to the box, to
> be forwarded, from those just passing through it. (-i matches both)
>
> Such packets can be discovered in the INPUT chains, after the "routing
> decision", but by then it's too late to do DNAT.

Beware. "Packets addressed to the box (entering the given interface)" is
not the same as "packets whose destination is the IP address of the
given interface". The former means "packets whose destination is the IP
address of ANY local interface". So packets matching a rule such as:

    iptables -A INPUT -i <interface> ...

would match not only the former definition but also the latter, and also
broadcasts that the box listens to.

So what do you want to match exactly?
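
An added example, not part of the original message: a simplified Python model of the destination classes discussed above for a packet received on one interface. The interface names and addresses are constructed, and multicast, loopback and source validation are ignored.

```python
import ipaddress

# Constructed sample: a hypothetical router with two interfaces.
IFACES = {
    "eth0": ipaddress.ip_interface("192.0.2.10/24"),
    "eth1": ipaddress.ip_interface("10.0.0.1/24"),
}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def classify(in_iface, dst):
    """Classify a packet received on in_iface by its destination address.

    Simplified model: multicast, loopback and source validation are ignored.
    """
    dst = ipaddress.ip_address(dst)
    ingress = IFACES[in_iface]
    if dst == ingress.ip:
        return "ingress-address"      # destination is the address of in_iface
    if any(dst == i.ip for i in IFACES.values()):
        return "other-local-address"  # address of another local interface
    if dst in (LIMITED_BROADCAST, ingress.network.broadcast_address):
        return "broadcast"            # broadcast the box listens to
    return "forwarded"                # passes through the box

def reaches_input(in_iface, dst):
    """True if the packet is delivered locally, i.e. traverses INPUT."""
    return classify(in_iface, dst) != "forwarded"

if __name__ == "__main__":
    for dst in ("192.0.2.10", "10.0.0.1", "192.0.2.255", "198.51.100.7"):
        print(f"eth0 -> {dst:<13} {classify('eth0', dst):<20} "
              f"INPUT -i eth0: {reaches_input('eth0', dst)}")
```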