Re: REDIRECT question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Ruslan,

> i want make transaparent proxy on localhost and want to disabe access 
> after redirecting to port 3128 if destination address in net other then 
> 193.108.240.0/22.
> Does REDIRECT target send packet to INPUT chain and i should disable 
> access in INPUT chain or should i disable access in '-t nat -A 
> POSTROUTING' chain?

You will not be able to disable access in the POSTROUTING chain, since 
after reading the REDIRECT rule, no further rules in that chain are 
processed. In any case, it is not recommended to filter in the nat table. 
The best place to put your filtering rule is in the INPUT chain.

Cheers, Chris.
-- 
   ___ __     _
 / __// / ,__(_)_  | Chris Wilson -- UNIX Firewall Lead Developer |
/ (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
\ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux