Re: REDIRECT question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Chris Wilson wrote:

Hi Ruslan,



i want make transaparent proxy on localhost and want to disabe access after redirecting to port 3128 if destination address in net other then 193.108.240.0/22.
Does REDIRECT target send packet to INPUT chain and i should disable access in INPUT chain or should i disable access in '-t nat -A POSTROUTING' chain?



You will not be able to disable access in the POSTROUTING chain, since after reading the REDIRECT rule, no further rules in that chain are processed. In any case, it is not recommended to filter in the nat table. The best place to put your filtering rule is in the INPUT chain.

Cheers, Chris.

Hello, Chris.

I just want to be sure that after redirecting, the packet is going to input chain where i can filter it. (am i right?)

Thanks for your reply.

Best regards,
Ruslan



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux