If you use SNAT (masquerade) then it may be bypassing the input chain
because of a prerouting rule ...

On Tue, 2003-03-18 at 09:24, netfilter-maillist wrote:
> Hello
>
> iptables -I INPUT 1 -p tcp -s 192.168.1.2/32 -m time --timestart \
>     11:00 --timestop 17:00 --days Sun,Mon,Tue,Wed,Thu,Fri,Sat \
>     -d 192.168.1.1/32 --j DROP
>
> Default policy in INPUT chain - DROP
> But... packets are allowed to 192.168.1.240 (server) in this
> time --> 11:00-17:00.
>
> Why?

-- 
Raymond Leach
Knowledge Factory
Tel: +27 11 445 8100
Fax: +27 11 445 8101
http://www.knowledgefactory.co.za/
http://www.saptg.co.za/
http://www.mapnet.co.za/