Linux Netfilter discussions
From: Del Winiecki <delw@wildapache.net>
To: netfilter@lists.netfilter.org
Subject: Re: Purpose of self-referential rule
Date: 26 Feb 2003 10:52:55 -0700
Message-ID: <1046281981.1698.29.camel@thizzy>
In-Reply-To: <20030224160628.GH4316@placemark.com>

Kelly, typically you have a default route set on each machine on your
LAN, and that gateway address would be your Linux router.
Yes, packets COULD be sent directly, but you'd have to reset the route
in your machine each time you wanted to point to a different machine.
So, the router IS routing all your traffic on the LAN in a normal setup.
So the line in iptables is useful. I use this kind of statement here,
where I have 3 different companies sharing a fiber-optic line back to my
ISP. In your example, since it's an INPUT statement, it limits access to
machines on the 192.168.6.0/24 network, assuming you have a DROP policy
for INPUT.

-Del

On Mon, 2003-02-24 at 09:06, Kelly Setzer wrote:
> I've been experimenting with gShield trying to learn the ins and outs
> of iptables.  One of the rules it generates is:
> 
> iptables -A INPUT -s 192.168.6.0/24 -d 192.168.6.0/24 -i eth1 -j ACCEPT
> 
> The source and dest are correct for my internal network, and eth1 is
> the internal net.  My question is, when would the firewall ever see a
> packet that could possibly match this?  Any host with a source and
> destination on the same network would send the packet directly (no
> routing, thus no firewall).
> 
> What am I missing?
> 
> thanks,
> Kelly
> --
> Kelly Setzer, System Administrator/Architect - Placemark Investments
> 14180 Dallas Pkwy, Suite 200, Dallas, TX 75240
> kelly.setzer@placemark.com  http://www.placemark.com
> (972)404-8100x41 (work)       (214) 287-3464 (cell)
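The rule Kelly quoted, with the INPUT DROP policy Del assumes, modelled in Python as an added example (this is not code from the thread or from gShield). It applies a simplified netfilter routing decision: a packet addressed to one of the router's own addresses traverses INPUT, while a packet the router would pass on traverses FORWARD and is never evaluated by INPUT. The router addresses, interface names and sample packets are constructed for the example; connection tracking and the other chains are left out.

```python
import ipaddress
from dataclasses import dataclass

# Constructed router configuration (assumption, not from the thread):
# eth1 is the LAN side, eth0 the upstream side.
ROUTER_ADDRS = {"eth1": "192.168.6.1", "eth0": "203.0.113.10"}


@dataclass(frozen=True)
class Packet:
    src: str   # source IP address
    dst: str   # destination IP address
    iif: str   # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    """One iptables rule of the form -s src_net -d dst_net -i iif -j target."""
    src_net: str
    dst_net: str
    iif: str
    target: str

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
            and pkt.iif == self.iif
        )


# The rule from the quoted gShield output, plus the DROP policy Del assumes.
INPUT_RULES = [Rule("192.168.6.0/24", "192.168.6.0/24", "eth1", "ACCEPT")]
INPUT_POLICY = "DROP"


def chain_for(pkt: Packet) -> str:
    """Simplified routing decision: packets addressed to the router itself
    traverse INPUT; anything the router would forward traverses FORWARD."""
    if pkt.dst in ROUTER_ADDRS.values():
        return "INPUT"
    return "FORWARD"


def evaluate(rules, policy, pkt: Packet) -> str:
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


def verdict(pkt: Packet) -> tuple:
    """Return (chain, verdict) for a packet arriving at the router."""
    chain = chain_for(pkt)
    if chain != "INPUT":
        return (chain, "not seen by INPUT")
    return (chain, evaluate(INPUT_RULES, INPUT_POLICY, pkt))


# Constructed sample traffic, one packet per case the thread discusses.
SAMPLE = {
    "lan host -> router LAN address, via eth1": Packet("192.168.6.20", "192.168.6.1", "eth1"),
    "lan host -> another lan host, via eth1": Packet("192.168.6.20", "192.168.6.30", "eth1"),
    "spoofed private source on eth1 -> router": Packet("10.0.0.5", "192.168.6.1", "eth1"),
    "lan source arriving on the WAN side (spoof)": Packet("192.168.6.20", "192.168.6.1", "eth0"),
    "lan host -> router WAN address, via eth1": Packet("192.168.6.20", "203.0.113.10", "eth1"),
}


def run_samples() -> dict:
    """Evaluate every sample packet and return {case name: (chain, verdict)}."""
    return {name: verdict(pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for name, (chain, result) in run_samples().items():
        print(f"{name:46s} {chain:8s} {result}")
```

Only the first case is accepted. The host-to-host packet, even if a misconfigured host did hand it to the router, goes through FORWARD and is never evaluated by INPUT; the packets with a source outside 192.168.6.0/24, or a LAN source arriving on the wrong interface, fall through to the DROP policy, which is the anti-spoofing value of keeping `-i eth1` on the rule. In effect the rule governs which LAN hosts may reach services that the router itself runs on its LAN address.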

Thread overview: 5+ messages
2003-02-24 16:06 Purpose of self-referential rule Kelly Setzer
2003-02-26 14:03 ` Joel Newkirk
2003-02-26 14:55   ` Kelly Setzer
2003-02-26 15:33 ` Alistair Tonner
2003-02-26 17:52 ` Del Winiecki [this message]