Re: [SLUG] iptables FORWARD chain

From: Matt Miller (mmiller1@mptotalcare.com)
Date: Thu Aug 01 2002 - 19:41:43 EDT

Next message: John Oakes: "Re: [SLUG] Installing Tomcat"
Previous message: Tim Jones: "Re: [SLUG] MCSE certification & System Analyst position"
In reply to: Derek Glidden: "Re: [SLUG] iptables FORWARD chain"
Next in thread: Derek Glidden: "Re: [SLUG] iptables FORWARD chain"
Reply: Derek Glidden: "Re: [SLUG] iptables FORWARD chain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Thu, 2002-08-01 at 19:04, Derek Glidden wrote:
> iptables -A FORWARD -i eth0 -s localnet -d ! localnet -p tcp --dport 80
> -j DROP
> iptables -A FORWARD -i eth0 -s localnet -d ! localnet -p tcp --dport 443
> -j DROP
> iptables -A FORWARD -i eth0 -s localnet -d ! localnet -p tcp -j ACCEPT

Or I guess I could do this to streamline my script:
iptables -A FORWARD -i eth0 -m multiport -s localnet -d ! localnet -p \
tcp --dport 80,443 -j DROP
iptables -A FORWARD -i eth0 -s localnet -d ! localnet -p tcp -j ACCEPT

Thanks Derek. I failed to "see" I could simply put in a drop rule to
accomplish the same task. Easy problem; easy solution.
I had been setting up iptables rules all day. I guess my mind was a
little fried.

-- Matt

application/pgp-signature attachment: This is a digitally signed message part

Next message: John Oakes: "Re: [SLUG] Installing Tomcat"
Previous message: Tim Jones: "Re: [SLUG] MCSE certification & System Analyst position"
In reply to: Derek Glidden: "Re: [SLUG] iptables FORWARD chain"
Next in thread: Derek Glidden: "Re: [SLUG] iptables FORWARD chain"
Reply: Derek Glidden: "Re: [SLUG] iptables FORWARD chain"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:40:08 EDT