Hello again, and thanks for replying. The prohibit rule is supposed to be in that particular table that I'm creating for hosts whose src address is network A? I was also thinking of blackholing as default. Would this work?

ip route add networkB dev eth1 table X
ip route add networkA via networkB-router dev eth1 table X
ip route add 0/0 blackhole table X
<rule for making networkA hosts use table X>

since I don't want to use iptables too much either.

thanks
-tomas

On Thu, Nov 28, 2002 at 11:48:01PM -0600, Martin A. Brown wrote:
>
> Tomas,
>
> I'm glad to be of help.
>
> : if i want to allow hosts from network A to reach and talk to hosts on
> : network C, but _not_ hosts on network B, is this best controlled by
> : iptables? since i now probably need to specify the route to network B
> : in that very table, i cannot deny network A hosts to talk to network B
> : with ip, or can i?
>
> I'd suggest you use iptables and a prohibit route:
>
> http://plorf.net/linux-ip/html/tools-ip-route.htm#EX-TOOLS-IP-ROUTE-ADD-FROM
>
> Here's an example:
>
> # ip route add prohibit x.x.x.x/24 from y.y.y.y/24
>
> I would be inclined to block packets at the packet filter as well.
>
> # iptables -t filter -A FORWARD -d x.x.x.x/24 -s y.y.y.y/24 -j REJECT
>
> Good luck,
>
> -Martin
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
>
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
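The two mechanisms discussed in this thread (a source-selected routing table with a blackhole default, and a prohibit route) can be reasoned about with a small model of how the kernel's policy routing picks a route. The following is an added example written for this page, not kernel code and not the commands from either message: it walks an ordered rule list, does longest-prefix matching inside the chosen table, and reports what each route type does to a packet. It goes slightly beyond the exact table proposed above by putting a unicast route for network C, a prohibit route for network B and a blackhole default together in table X, so that the outcome for each destination is visible side by side. All prefixes, the next-hop address and the interface name are constructed placeholders.

```python
"""Toy model of Linux policy routing (added example; not kernel code and
not the commands from the thread).  Ordered rules pick a table by source
prefix, each table is searched by longest-prefix match, and the matching
route's type decides the packet's fate: unicast forwards, blackhole drops
silently, prohibit answers with ICMP admin-prohibited."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder prefixes standing in for network A, B and C.
NET_A = ipaddress.ip_network("10.1.0.0/24")
NET_B = ipaddress.ip_network("10.2.0.0/24")
NET_C = ipaddress.ip_network("10.3.0.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
ROUTER = ipaddress.ip_address("192.0.2.1")   # constructed next hop on eth1


@dataclass
class Route:
    dst: ipaddress.IPv4Network
    kind: str = "unicast"            # unicast | blackhole | prohibit | unreachable
    via: Optional[ipaddress.IPv4Address] = None
    dev: str = "eth1"


@dataclass
class Rule:
    table: str
    src: Optional[ipaddress.IPv4Network] = None   # None matches every source


def lookup(table, dst):
    """Longest-prefix match inside one routing table."""
    best = None
    for r in table:
        if dst in r.dst and (best is None or r.dst.prefixlen > best.dst.prefixlen):
            best = r
    return best


def decide(rules, tables, src, dst):
    """Walk the rules in priority order; the first table holding a matching
    route decides the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.src is not None and src not in rule.src:
            continue
        r = lookup(tables[rule.table], dst)
        if r is None:
            continue                    # empty lookup: fall through to the next rule
        if r.kind == "unicast":
            hop = str(r.via) if r.via is not None else "link"
            return f"forward via {hop} dev {r.dev}"
        if r.kind == "blackhole":
            return "drop"               # silently discarded, no ICMP sent back
        if r.kind == "prohibit":
            return "icmp-admin-prohibited"
        return "icmp-net-unreachable"
    return "icmp-net-unreachable"       # no rule produced a route


def build_policy():
    """Table X for sources in network A: C reachable, B prohibited,
    everything else blackholed.  The main table keeps a normal route to B,
    so hosts outside A are unaffected."""
    tables = {
        "X": [
            Route(NET_C, via=ROUTER),
            Route(NET_B, kind="prohibit"),
            Route(DEFAULT, kind="blackhole"),
        ],
        "main": [
            Route(NET_B, via=ROUTER),
            Route(NET_C, via=ROUTER),
        ],
    }
    # Equivalent of 'ip rule add from NET_A lookup X' ahead of the main table.
    rules = [Rule("X", src=NET_A), Rule("main")]
    return rules, tables


def decisions():
    """Outcome for a few constructed src/dst pairs under the policy above."""
    rules, tables = build_policy()
    cases = {
        "A->C": ("10.1.0.7", "10.3.0.9"),
        "A->B": ("10.1.0.7", "10.2.0.9"),
        "A->other": ("10.1.0.7", "198.51.100.5"),
        "C->B": ("10.3.0.4", "10.2.0.9"),
    }
    return {name: decide(rules, tables, s, d) for name, (s, d) in cases.items()}


if __name__ == "__main__":
    for name, outcome in decisions().items():
        print(f"{name:9s} {outcome}")
```

Running it shows the practical difference between the two route types: a blackhole default makes a source in A lose packets to unlisted destinations without any feedback, whereas the prohibit entry for B answers with an ICMP administratively-prohibited error, which is easier to diagnose from the sending host. The model only covers destination-prefix and rule-source matching; it does not model the `from` selector on a route itself, which is the form used in the quoted `ip route add prohibit ... from ...` example.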