> > How do you specify more than one network range in a rule, is it
> > possible?

No.

> > I want to do the following:
> > iptables -A INPUT -s 10.0.0.0/8 169.254.0.0/16 -j DROP

You can't ;).

> How can I create a chain and a rule that will block all the
> non routed network ranges from entering the network from the
> external interface in case someone's trying to spoof you?

Like this:

iptables -N spoof
iptables -A spoof -i <if_inet> -s 10.0.0.0/8 -j DROP
iptables -A spoof -i <if_inet> -s 169.254.0.0/16 -j DROP
...
iptables -A INPUT -j spoof
iptables -A FORWARD -j spoof

Gr,
Rob
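
The chain from the reply above, generated from a list so that each range still gets its own rule (an added example, not part of the original message). The ranges beyond the two quoted in the thread, the function names and the print-instead-of-run design are assumptions of this example.

```sh
#!/bin/sh
# Added example: print (not run) the rules for a per-range anti-spoofing chain.

# Source ranges to drop. The first two come from the thread; the others
# (RFC 1918 private space, loopback) are assumptions added for this example.
SPOOF_RANGES="10.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8"

# valid_cidr A.B.C.D/N: succeeds only for four octets 0-255 and a prefix 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in *[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_spoof_chain IFACE [CHAIN]: prints the commands; non-zero on bad input.
gen_spoof_chain() {
    iface=$1; chain=${2:-spoof}
    # Names end up in commands that may be piped to a shell: keep them plain.
    case "$iface" in ''|*[!A-Za-z0-9_.+-]*) echo "bad interface: $iface" >&2; return 2 ;; esac
    case "$chain" in ''|*[!A-Za-z0-9_-]*) echo "bad chain: $chain" >&2; return 2 ;; esac
    # Check every range first so a typo never yields a half-built chain.
    for net in $SPOOF_RANGES; do
        valid_cidr "$net" || { echo "bad range: $net" >&2; return 1; }
    done
    echo "iptables -N $chain"
    for net in $SPOOF_RANGES; do
        echo "iptables -A $chain -i $iface -s $net -j DROP"
    done
    echo "iptables -A INPUT -j $chain"
    echo "iptables -A FORWARD -j $chain"
}

# Stand-alone use: sh spoof-chain.sh <external-interface> [chain-name]
if [ $# -gt 0 ]; then gen_spoof_chain "$@"; fi
```

Review the printed commands before piping them to a root shell; the script itself never touches the live ruleset.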