Linux Netfilter discussions
From: Ross Cameron <ross.cameron@linuxpro.co.za>
To: Sebastian Heidl <s.heidl@teles.de>, netfilter@lists.netfilter.org
Subject: Re: Firewalling issue
Date: Wed, 19 Jul 2006 13:09:48 +0200
Message-ID: <44BE12FC.10303@linuxpro.co.za>
In-Reply-To: <1153305518.5888.176.camel@sehe-c4.berlin.teles.de>

Issue resolved!

Thx very much,... I had that syntax before,.. but it wasn't early enough 
in the rule set,... rookie mistake!

Thx guys!

Sebastian Heidl wrote:
> Hi Ross,
>
> this should do it:
>
> iptables -A INPUT -i eth0 -d 196.x.x.94 -j DROP
>
> You may want to insert this rule early in the INPUT chain.
> Regards.
>
> _sh_
>
>
> On Wed, 2006-07-19 at 12:25 +0200, Ross Cameron wrote:
>   
>> Hi there list I have the following issue:
>>
>> I have an IP split setup on one of my Linux boxes (see diagram below), I 
>> can route and all access is hunky dory,... BUT I want to block access to 
>> my DMZ's gateway address from the outside world.
>>     How do I do this?
>>
>>
>> +------------+                                       +------------ +
>> |            |       eth0 +-------------+  eth1      |             |
>> |  Internet  |============| FW / Router |============| LAN         |
>> |            |            +-------------+            |             |
>> +------------+                    || eth2            +------------ +
>>                                   ||
>>                                   ||
>>                                   ||
>>                                   ||                 +------------ +
>>                                   |+-----------------|             |
>>                                   +------------------|    DMZ      |
>>                                                      |             |
>>                                                      +------------ +
>>
>> KEY:
>> ~~~~
>> eth0   =>   196.x.x.122 / 255.255.255.252
>> eth1   =>   192.168.x.x / 255.255.255.0
>> eth2   =>   196.x.x.94  / 255.255.255.240
>>
>>
>> The Internet needs to be able to see 196.x.x.80 -> 196.x.x.95,... with 
>> the exception of 196.x.x.94!!!
>>
>> Everything else is correct and how I need it to be,... I need to know 
>> how to DROP the packets coming in on eth0 for 196.x.x.94
>> BUT packets coming in on eth2 for 196.x.x.94 need to be allowed.
>>
>> Regards,...
>> Ross Cameron
>>     
>
>   
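
Added example, not part of the original thread: a small first-match simulator showing why the DROP rule has no effect when appended after a broader ACCEPT, and works when inserted at position 1. The address 203.0.113.94 is a constructed placeholder for the gateway the thread writes as 196.x.x.94, and the earlier rules and the ACCEPT policy are assumptions, since the thread does not show the real rule set.

```python
import ipaddress
import shlex

# Constructed placeholder for the gateway address the thread writes as 196.x.x.94.
GATEWAY = "203.0.113.94"
DROP_RULE = f"-A INPUT -i eth0 -d {GATEWAY} -j DROP"

# Constructed earlier rules; the thread does not show the real rule set.
BASE_RULES = [
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -d 203.0.113.80/28 -j ACCEPT",
]


def parse_rule(line):
    """Parse the small subset used here: -A CHAIN [-i IFACE] [-d NET] -j TARGET."""
    tokens = shlex.split(line)
    opts = dict(zip(tokens[0::2], tokens[1::2]))  # every option here is a flag/value pair
    dst = opts.get("-d")
    return {
        "in": opts.get("-i"),
        "dst": ipaddress.ip_network(dst, strict=False) if dst else None,
        "target": opts["-j"],
    }


def verdict(rules, iface, dst, policy="ACCEPT"):
    """Return (target, rule_number) of the first matching rule; the policy applies if none match."""
    addr = ipaddress.ip_address(dst)
    for number, rule in enumerate(map(parse_rule, rules), start=1):
        if rule["in"] not in (None, iface):
            continue  # rule is bound to a different input interface
        if rule["dst"] is not None and addr not in rule["dst"]:
            continue  # destination is outside the rule's network
        return rule["target"], number  # ACCEPT and DROP end chain traversal
    return policy, None


appended = BASE_RULES + [DROP_RULE]   # order after `iptables -A INPUT ...`
inserted = [DROP_RULE] + BASE_RULES   # order after `iptables -I INPUT 1 ...`

if __name__ == "__main__":
    for name, rules in (("appended", appended), ("inserted", inserted)):
        for iface in ("eth0", "eth2"):
            print(name, iface, verdict(rules, iface, GATEWAY))
```

On a live system, `iptables -L INPUT -n -v --line-numbers` shows the actual rule order and per-rule packet counters, which confirms whether the DROP rule is being reached.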

