Re: Can't DROP spoofed packet. Bug or feature ?

On Mon 06/10/2003 at 16:31, pigi wrote:
> Anyway this is the workaround, but I would like to DROP it in my rules if
> possible, so the packet cannot reach the routing point in kernel.
> Is this possible ?

Yes you can. Just deactivate rp_filter (echo 0 >
/proc/sys/net/ipv4/conf/all/rp_filter) and filter within INPUT and
FORWARD chains, according to your routing table. But you'll have to
handle all cases, which can be tricky if you have many interfaces. Or do
it within PREROUTING chain which is not the preferred place for
filtering.

What I told you before was why your packet did not reach INPUT chain.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
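
The per-interface source filtering described in the reply above, as an added example that is not part of the original message: it prints (does not apply) iptables rules that mirror a routing table in INPUT and FORWARD, assuming rp_filter has already been disabled as the reply describes. The interface names, networks, the `ANTISPOOF` chain name and the `ROUTES` format are constructed for illustration.

```sh
#!/bin/sh
# Added example: generate anti-spoofing rules from a routing summary.
# Nothing is applied; the rules are only printed for review.

# Constructed sample data, one line per interface: "<iface> <net> [<net> ...]".
# The interface that holds the default route is marked with "default".
ROUTES='eth1 192.168.1.0/24
eth2 10.0.0.0/8 172.16.5.0/24
eth0 default'

gen_antispoof() {
    # $1 = routing summary in the format above
    # Every network that is routed through a non-default interface.
    internal=$(printf '%s\n' "$1" |
        awk '$2 != "default" { for (i = 2; i <= NF; i++) print $i }')
    echo "iptables -N ANTISPOOF"
    printf '%s\n' "$1" | while read -r ifc nets; do
        [ -n "$ifc" ] || continue
        if [ "$nets" = "default" ]; then
            # Default-route interface: any source is plausible except
            # one that is routed back through another interface.
            for n in $internal; do
                echo "iptables -A ANTISPOOF -i $ifc -s $n -j DROP"
            done
            echo "iptables -A ANTISPOOF -i $ifc -j RETURN"
        else
            # Other interfaces: accept only sources routed through them.
            for n in $nets; do
                echo "iptables -A ANTISPOOF -i $ifc -s $n -j RETURN"
            done
            echo "iptables -A ANTISPOOF -i $ifc -j DROP"
        fi
    done
    # Both chains named in the reply must run the check first.
    echo "iptables -I INPUT 1 -j ANTISPOOF"
    echo "iptables -I FORWARD 1 -j ANTISPOOF"
}

gen_antispoof "$ROUTES"
```

Interfaces not listed in the summary (such as lo) match no rule and fall through the chain unchanged, so each new interface or route needs its own line, which is the "handle all cases" cost the reply mentions.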


