Why not just allow forwarding to the outside only.. ie.

iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT
# Or mask off what you want only
iptables -A FORWARD -j DROP

and make sure to allow other forwarded packets for whatever else you need.. you could possibly get away with something like

iptables -A FORWARD -i eth+ -o eth+ -j DROP

This will stop any packets going between nics... No need to specify IPs. But best test it first with -j LOG.

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx
Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: Miguel Manso [mailto:mmanso@xxxxxxxxx]
Sent: Monday, May 26, 2003 3:31 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: disallow access from two internal networks

Hi there,

I've a linux router that's sharing an internet connection with four internal networks:

192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24

I'd like to disallow each internal network to access the others. I've these devices on the router:

ppp0 (external connection)
eth0 (network 1)
eth1 (network 2)
eth2 (network 3)
eth3 (network 4)

I thought that with this:

$IPT -A OUTPUT -o eth0 -s 192.168.2.0/24 -j DROP

I could drop any connection coming from the eth0 device (network 1) to the network 192.168.2.0/24 (network 2). I've tried it but it doesn't DROP the connection.

What am I missing?

Thanks.

=====
Miguel Manso
mmanso@xxxxxxxxx
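The reply's FORWARD-chain approach written out as a script for the four-NIC router in the question, as an added example that comes from neither poster. It assumes a dedicated chain name LAN_ISOLATION and the conntrack match (both my choices, not from the thread), and runs as a dry run (IPT=echo) until IPT=iptables is set.

```shell
#!/bin/sh
# Added example, not code from the thread: the FORWARD-chain layout the reply
# describes, applied to the router in the question (ppp0 outside, eth0..eth3 inside).
# Transit packets never traverse OUTPUT (that chain only sees packets the router
# itself generates), which is why an OUTPUT rule cannot block LAN-to-LAN traffic.
# Dry run by default: set IPT=iptables and run as root to apply for real.
IPT="${IPT:-echo}"
EXT_IF="ppp+"    # any PPP interface, matching the reply's -o ppp+
LAN_IFS="eth+"   # wildcard covering eth0..eth3

isolate_internal_networks() {
    # Keep the isolation rules in their own chain (name assumed here) so any
    # other FORWARD rules the router already has are left untouched.
    $IPT -N LAN_ISOLATION 2>/dev/null || $IPT -F LAN_ISOLATION

    # Replies to already-allowed flows are accepted whatever their direction
    # (older kernels spell this "-m state --state ESTABLISHED,RELATED").
    $IPT -A LAN_ISOLATION -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New flows from any LAN out to the Internet.
    $IPT -A LAN_ISOLATION -i "$LAN_IFS" -o "$EXT_IF" -j ACCEPT
    # LAN-to-LAN: log first (the reply's "test it with -j LOG"), then drop.
    $IPT -A LAN_ISOLATION -i "$LAN_IFS" -o "$LAN_IFS" -j LOG --log-prefix "lan-isolation: "
    $IPT -A LAN_ISOLATION -i "$LAN_IFS" -o "$LAN_IFS" -j DROP

    # Hook the chain in at the top of FORWARD (remove a stale hook first).
    # Anything not decided here falls through to the existing FORWARD rules and policy.
    $IPT -D FORWARD -j LAN_ISOLATION 2>/dev/null || true
    $IPT -I FORWARD 1 -j LAN_ISOLATION
}

isolate_internal_networks
```

Run it once with the default dry run and read the printed rules before switching IPT to the real binary; the LOG line is what lets you confirm from the kernel log which interface pairs are actually being blocked.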