From: Askar Ali Khan <askarali@gmail.com>
To: "richardo@start-global.com" <richardo@start-global.com>
Cc: netfilter <netfilter@lists.netfilter.org>
Subject: Re: droping in forward/postrouting
Date: Fri, 30 Jul 2004 11:15:57 +0500
Message-ID: <a0f69e504072923151d18afa3@mail.gmail.com>
In-Reply-To: <a0f69e504072913084fc39ee8@mail.gmail.com>
hi

I dunno, but the filter table "FORWARD" is not blocking/dropping any of these
sites. Actually these are spywares, a gift from windowz, and why I want to
drop these dirty shits is coz they consume a lot of my precious bandwidth
"dialup" ;)

iptables -I FORWARD -s 0/0 -d 66.35.229.0/24 -j DROP
iptables -I FORWARD -s 0/0 -d 212.4.208.105 -j DROP
iptables -I FORWARD -s 0/0 -d 66.35.229.185 -j DROP
iptables -I FORWARD -s 0/0 -d 64.152.73.0/24 -j DROP
iptables -I FORWARD -s 0/0 -d 66.35.229.236 -j DROP

However PREROUTING is working and dropping it :)

iptables -t nat -I PREROUTING -s 0/0 -d 66.35.229.0/24 -j DROP
iptables -t nat -I PREROUTING -s 0/0 -d 212.4.208.105 -j DROP
iptables -t nat -I PREROUTING -s 0/0 -d 66.35.229.185 -j DROP
iptables -t nat -I PREROUTING -s 0/0 -d 64.152.73.0/24 -j DROP
iptables -t nat -I PREROUTING -s 0/0 -d 66.35.229.236 -j DROP

Therefore my confusion still exists, as the rule is to filter in the
filter table and do other things, NATting and mangling, in the nat and
mangle tables respectively.

Then why is FORWARD not blocking these sites while nat PREROUTING does?

I'm in the learning stages of the netfilter thing, and I will greatly
appreciate it if someone clears this up for me :)

regards
Askar

On Fri, 30 Jul 2004 02:08:46 +0600, Askar Ali Khan <askarali@gmail.com> wrote:
> Hi Richard
>
> Thanks for the reply :) yeah now it's clear to me filtering rules must
> go into the filter table and other such NATting or mangling in the NAT and
> Mangle tables respectively.
>
> Regards
> Askar
>
>
>
> On Thu, 29 Jul 2004 16:54:47 +0100, richardo@start-global.com
> <richardo@start-global.com> wrote:
> >
> > hi Askar,
> >
> > This is a filtering rule, and so, in my opinion, this should be in the
> > filter table, ie FORWARD.
> >
> > Regards,
> > Richard.
> >
> > Richard Oatridge
> > Head of IT, Start-global Ltd
> > http://www.start-global.com
> > tel : +44 1564 779297
> > email : richardo@start-global.com
> >
> > From: Askar Ali Khan <askarali@gmail.com>
> > Sent by: netfilter-admin@lists.netfilter.org
> > Date: 29/07/2004 11:19
> > To: netfilter <netfilter@lists.netfilter.org>
> > cc:
> > Subject: droping in forward/postrouting
> >
> > hi all
> >
> > I'm afraid I am here again with a very simple/stupid question :), even
> > though things are not clear to me yet.
> >
> > I'm dropping/blocking certain sites, mainly gator sites, on my
> > router/firewall to LAN users, using slackware kernel 2.4.26.
> >
> > I'm doing this with the below rule
> > $iptables -t nat -A POSTROUTING -s 0/0 -d 212.4.208.105 -j DROP
> > This is working fine, however I'm kinda confused whether this is the
> > proper table/chain for accomplishing this or may I do it with the FORWARD
> > chain like ...
> >
> > $iptables -A FORWARD -s 0/0 -d 212.4.208.105 -p tcp -j DROP
> >
> > which approach is recommended?
> > 1)nat/POSTROUTING
> > OR
> > 2) FORWARD
> >
> > thanks in advance
> >
> > regards
> > Askar
> >
> >
>
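
Added example (not part of the thread, and not output from the poster's router): one way to see which chains this traffic actually traverses is to compare the packet counters in `iptables-save -c` output. The ruleset below is constructed, and `drop_hits` and `chain_packets` are hypothetical helper names; a filter/FORWARD total of 0 means no packet is being routed through that chain at all (locally generated traffic goes through OUTPUT, locally delivered traffic through INPUT).

```shell
# Constructed sample in `iptables-save -c` format: [packets:bytes] per rule/policy.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [340:20400]
:POSTROUTING ACCEPT [95:5700]
:OUTPUT ACCEPT [95:5700]
[57:2736] -A PREROUTING -d 212.4.208.105/32 -j DROP
[12:576] -A PREROUTING -d 66.35.229.0/24 -j DROP
COMMIT
*filter
:INPUT ACCEPT [5120:412300]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4980:398200]
[0:0] -A FORWARD -d 212.4.208.105/32 -j DROP
[0:0] -A FORWARD -d 66.35.229.0/24 -j DROP
COMMIT
EOF
}

# drop_hits DEST: read a counted ruleset on stdin and print
# "table chain packets" for every DROP rule whose -d equals DEST.
drop_hits() {
    awk -v dest="$1" '
        /^\*/ { table = substr($0, 2); next }          # "*nat", "*filter"
        /^\[[0-9]+:[0-9]+\] -A / {
            split(substr($1, 2), c, ":")               # c[1] = packet count
            chain = $3; d = ""; target = ""
            for (i = 4; i < NF; i++) {
                if ($i == "-d") d = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            sub(/\/32$/, "", d)                        # host routes: drop /32
            if (d == dest && target == "DROP") print table, chain, c[1] + 0
        }'
}

# chain_packets TABLE CHAIN: policy counter plus all rule counters of the
# chain. Zero means the chain has not seen a single packet.
chain_packets() {
    awk -v t="$1" -v ch="$2" '
        /^\*/ { table = substr($0, 2); next }
        table != t { next }
        $1 == (":" ch) { split(substr($3, 2), c, ":"); n += c[1] }
        /^\[/ && $3 == ch { split(substr($1, 2), c, ":"); n += c[1] }
        END { print n + 0 }'
}
```

On the router itself, pipe the live ruleset in instead of the sample: `iptables-save -c | drop_hits 212.4.208.105`. The nat table is consulted only for the first packet of a connection, and current iptables releases reject `-j DROP` there.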