On Mon, 28 Oct 2002 14:44:43 +0000
Antony Stone <Antony@Soft-Solutions.co.uk> wrote:

> On Monday 28 October 2002 5:32 am, yenjet.chan@eglobal.com.my wrote:
>
> > Hi all,
> >
> > This is my first post to the list, so please bear with me.
> > I have a requirement here. Is it possible to create purely NAT
> > iptables rules for certain IP addresses?
>
> No. You can turn off stateful inspection by not loading or compiling the
> connection tracking support, but you cannot use it for some addresses but not
> others.

Are you sure? By not using "-m state" it might actually work, how about:

iptables -A FORWARD -o ppp0 -s aaa.bbb.ccc.eee -j ACCEPT
iptables -A FORWARD -o ppp0 -s aaa.bbb.ccc.ddd -m state --state ! INVALID -j ACCEPT