RE: Allowing only a certain source IP range back out through the bridge

Right but does the rest of my rule below work to do what I want? I was
just guessing at what it would look like :)

Steve...

On Thu, 2003-06-19 at 20:09, Jeremy Davis wrote:
> Specify a range like this 192.168.1.0/32 or whatever the subnet that you
> would like to permit through.
> 
> Jeremy
> 
> 
> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Steve W
> Sent: Thursday, June 19, 2003 9:26 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Allowing only a certain source IP range back out through the
> bridge
> 
> 
> I am wanting to stop such things as fake packets going out our network.
> 
> Some of the new worms send out bogus packets claiming to come from IPs
> that are not legit would be one case where this may be helpful.
> 
> I have a bridge with firewall capabilities set up and it is doing fine
> with what it is doing so now I would like to know if there is a way to
> say something like:
> 
> If the source is between 192.168.0.20 and 192.168.0.30 and the direction
> it is going is from eth1 to eth0 then it is okay, let it go through.
> 
> something like:
> iptables -A FORWARD --in-interface eth1 --out-interface eth0 -s \
>  192.168.1.20 -j ACCEPT
> 
> Would this work and how do you allow a range of IPs or would I have to
> add a rule for each IP I want to allow out.
> 
> Thanks.
> 
> 
> 
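
Added example, not part of the original thread: a range such as 192.168.0.20 to 192.168.0.30 does not fall on a single CIDR boundary, so this sketch splits it into the smallest set of aligned blocks and prints one ACCEPT rule per block plus a closing DROP for everything else crossing eth1 to eth0. The function names are hypothetical, the interface names and -i/-o matching are taken from the post, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example (constructed): cover an inclusive IPv4 range with CIDR blocks
# and print egress anti-spoofing rules for the FORWARD chain (dry run only).
# Where the iprange match is available, a single rule with
# "-m iprange --src-range FIRST-LAST" expresses the same range directly.

ip2int() (   # dotted quad -> 32-bit integer
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidrs() (   # range_to_cidrs FIRST LAST -> one CIDR per line
    lo=$(ip2int "$1"); hi=$(ip2int "$2")
    while [ "$lo" -le "$hi" ]; do
        size=1; bits=32
        # Grow the block while it stays aligned on lo and inside the range.
        while [ "$bits" -gt 0 ] && [ $(( lo % (size * 2) )) -eq 0 ] \
              && [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 )); bits=$(( bits - 1 ))
        done
        echo "$(int2ip "$lo")/$bits"
        lo=$(( lo + size ))
    done
)

egress_rules() (   # egress_rules FIRST LAST IN_IF OUT_IF
    range_to_cidrs "$1" "$2" | while read -r cidr; do
        echo "iptables -A FORWARD -i $3 -o $4 -s $cidr -j ACCEPT"
    done
    # Anything else leaving through the same path has a source we did not list.
    echo "iptables -A FORWARD -i $3 -o $4 -j DROP"
)

# Range from the question; interface names as in the poster's rule.
egress_rules 192.168.0.20 192.168.0.30 eth1 eth0
```
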


