Re: (no subject)

Hi Antony, hi Richard,

On Tue, Jun 29, 2004 at 03:08:45PM +0100, Antony Stone told us:
> On Tuesday 29 June 2004 2:49 pm, Richard Gutery wrote:
> 
> > Stop macro:
> > $IPT -N LD
> > $IPT -A LD -j LOG
> > $IPT -A LD -j DROP
> 
> That has me really confused.   I was expecting you to say that $STOP expanded 
> to the word DROP, or some other valid target for the -j option on the 
> netfilter command line.

I think you got a little bit confused by this, just like me. I think
the creation and filling of the custom chain is done first, and then
STOP is given the value LD so that in the later rules it expands to 

iptables ..... -j LD


> Well, it certainly won't BLOCK (using your definition above) - it will rate 
> limit - which means that some packets will still come through.
> 
> I suggest the following:
> 
> iptables -I INPUT -s 64.246.26.185 -j DROP
> iptables -I OUTPUT -d 64.246.26.185 -j DROP
> iptables -I FORWARD -s 64.246.26.185 -j DROP
> iptables -I FORWARD -d 64.246.26.185 -j DROP

Yep, this would do a better job...

BTW, and, sorry, a little OT, but is there an award for the best
email sigs?? If there is, I think Antony would have good chances
to win it :-))


Sven

-- 
Linux zion 2.6.7 #1 Thu Jun 17 10:44:26 CEST 2004 i686 athlon i386 GNU/Linux
 16:29:04  up 3 days, 21:19,  4 users,  load average: 1.00, 1.00, 1.00
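
The log-and-drop chain and the `$STOP` expansion discussed in this message, combined with the four blocking rules quoted above, as an added example that is not part of the original thread. The dry-run default for `IPT` and the `is_ipv4` and `block_host` helpers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Dry-run by default: IPT only
# prints the commands. Set IPT=/sbin/iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

# Build the custom chain first: log the packet, then drop it.
setup_stop_chain() {
    $IPT -N LD
    $IPT -A LD -j LOG
    $IPT -A LD -j DROP
}

# The macro only names the chain, so every later "-j $STOP" expands to
# "-j LD". The chain must exist before any rule that jumps to it is added.
STOP=LD

# Hypothetical helper: accept only a dotted-quad IPv4 address.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Hypothetical helper: block a host in every direction through $STOP, so
# each dropped packet is logged as well (unlike a plain "-j DROP").
block_host() {
    is_ipv4 "$1" || { echo "invalid address: $1" >&2; return 1; }
    $IPT -I INPUT   -s "$1" -j "$STOP"
    $IPT -I OUTPUT  -d "$1" -j "$STOP"
    $IPT -I FORWARD -s "$1" -j "$STOP"
    $IPT -I FORWARD -d "$1" -j "$STOP"
}

setup_stop_chain
block_host 64.246.26.185
```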
