Tomas,

I'm glad to be of help.

 : if i want to allow hosts from network A to reach and talk to hosts on
 : network C, but _not_ hosts on network B, is this best controlled by
 : iptables? since i now probably need to specify the route to network B
 : in that very table, i cannot deny network A hosts to talk to network B
 : with ip, or can i?

I'd suggest you use iptables and a prohibit route:

  http://plorf.net/linux-ip/html/tools-ip-route.htm#EX-TOOLS-IP-ROUTE-ADD-FROM

Here's an example:

  # ip route add prohibit x.x.x.x/24 from y.y.y.y/24

I would be inclined to block packets at the packet filter as well.

  # iptables -t filter -A FORWARD -d x.x.x.x/24 -s y.y.y.y/24 -j REJECT

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
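
Added example, not part of the message above: `iptables -A` appends, so a REJECT between two networks only takes effect if no earlier FORWARD rule already accepts that traffic. The Python sketch below reports which rule decides a flow in `iptables -S FORWARD` output; the rule sets and the RFC 5737 networks standing in for A, B and C are constructed, and only `-s`, `-d` and `-j` are modelled.

```python
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_rule(line):
    """Turn one `iptables -S` line into (src, dst, target, extra_matches)."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None  # -P (policy) and -N (new chain) lines carry no match
    src, dst, target, extra = ANY, ANY, None, []
    it = iter(tok[2:])  # skip "-A <chain>"
    for opt in it:
        if opt == "-s":
            src = ipaddress.ip_network(next(it), strict=False)
        elif opt == "-d":
            dst = ipaddress.ip_network(next(it), strict=False)
        elif opt == "-j":
            target = next(it)
            break  # what follows are target options (--reject-with ...)
        else:
            extra.append(opt)  # -p, -i, -m, "!" and so on: not modelled here
    return src, dst, target, extra

def forward_verdict(rules_text, src_net, dst_net):
    """Return (verdict, rule_number) for all traffic src_net -> dst_net."""
    src, dst = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    rules = [r for r in map(parse_rule, rules_text.strip().splitlines()) if r]
    for number, (r_src, r_dst, target, extra) in enumerate(rules, 1):
        if not (r_src.overlaps(src) and r_dst.overlaps(dst)):
            continue  # this rule can never match the flow
        if target in (None, "LOG"):
            continue  # non-terminating, evaluation goes on to the next rule
        covers = src.subnet_of(r_src) and dst.subnet_of(r_dst) and not extra
        if target in TERMINAL and covers:
            return target, number  # first rule matching the whole flow decides
        return "UNCERTAIN", number  # partial match or user chain: check by hand
    return "POLICY", None  # nothing matched, the chain policy applies

# Constructed sample data; 192.0.2.0/24 = A, 198.51.100.0/24 = B, 203.0.113.0/24 = C.
NET_A, NET_B, NET_C = "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"
ALLOW_A = "-A FORWARD -s 192.0.2.0/24 -j ACCEPT"
BLOCK_A_TO_B = ("-A FORWARD -s 192.0.2.0/24 -d 198.51.100.0/24 "
                "-j REJECT --reject-with icmp-port-unreachable")
SHADOWED = "\n".join(["-P FORWARD DROP", ALLOW_A, BLOCK_A_TO_B])
REORDERED = "\n".join(["-P FORWARD DROP", BLOCK_A_TO_B, ALLOW_A])
```

With `SHADOWED`, traffic from A to B is decided by the ACCEPT in rule 1 and the appended REJECT is never reached; with `REORDERED`, A to B is rejected while A to C is still accepted.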