On Sunday 07 March 2004 6:24 pm, Fabian Hartmann wrote:

> > hello,
>
> Hi Pierre
>
> > #forward
> >
> > iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT -o eth0
>
> The rule above won't work! you must set the -o flag before you set the -j
> <TARGET> i.e. iptables -A FORWARD -o eth0 -s 192.168.1.0/24 -j ACCEPT

My netfilter accepts it perfectly well, and afterwards "iptables -L FORWARD -nvx" shows:

    pkts    bytes target   prot opt in   out    source            destination
       0        0 ACCEPT   all  --  *    eth0   192.168.1.0/24    0.0.0.0/0

> Otherwise the rule won't be accepted by iptables and you have no rule that
> accepts forwarded traffic when the default policy for the FORWARD chain is
> set to DROP.

Let me know which version of netfilter you have a problem with using the above syntax - admittedly it's non-standard, but it seems to work okay.

Antony.

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

Please reply to the list; please don't CC me.