Hi Antony, hi Richard,

On Tue, Jun 29, 2004 at 03:08:45PM +0100, Antony Stone told us:
> On Tuesday 29 June 2004 2:49 pm, Richard Gutery wrote:
>
> > Stop macro:
> > $IPT -N LD
> > $IPT -A LD -j LOG
> > $IPT -A LD -j DROP
>
> That has me really confused. I was expecting you to say that $STOP expanded
> to the word DROP, or some other valid target for the -j option on the
> netfilter command line.

I think you got a little bit confused by this, just like me. I think the
creation and filling of the custom chain is done first, and then STOP is given
the value LD, so that in the later rules it expands to

    iptables ..... -j LD

> Well, it certainly won't BLOCK (using your definition above) - it will rate
> limit - which means that some packets will still come through.
>
> I suggest the following:
>
> iptables -I INPUT -s 64.246.26.185 -j DROP
> iptables -I OUTPUT -d 64.246.26.185 -j DROP
> iptables -I FORWARD -s 64.246.26.185 -j DROP
> iptables -I FORWARD -d 64.246.26.185 -j DROP

Yep, this would do a better job...

BTW, and, sorry, a little OT, but is there an award for the best email sigs??
If there is, I think Antony would have good chances to win it :-))

Sven

-- 
Linux zion 2.6.7 #1 Thu Jun 17 10:44:26 CEST 2004 i686 athlon i386 GNU/Linux
 16:29:04 up 3 days, 21:19, 4 users, load average: 1.00, 1.00, 1.00
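The two pieces of the thread put together as an added example (not code from the thread itself): a log-then-drop chain LD referenced through a STOP variable, applied to one host in every direction as Antony suggests. The rate limit sits on the LOG rule only, so the DROP still catches every packet; the limit values, the log prefix and the dry-run default for IPT are my own choices.

```sh
#!/bin/sh
# IPT defaults to a dry run that only prints the commands; run as root with
# IPT=/sbin/iptables to apply them for real.
IPT=${IPT:-"echo iptables"}

# Create the custom chain: log (rate-limited so a flood cannot fill the
# logs), then drop unconditionally. Only the LOG rule carries -m limit;
# a limit on the DROP would let packets through, as the thread points out.
make_ld_chain() {
    $IPT -N LD
    $IPT -A LD -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "LD: "
    $IPT -A LD -j DROP
}

# STOP holds the chain name, so "-j $STOP" expands to "-j LD" below.
STOP=LD

# Block one host in every direction: as source on INPUT and FORWARD,
# as destination on OUTPUT and FORWARD (same four rules as the quoted
# suggestion, but jumping to LD so each dropped packet is also logged).
block_host() {
    host=$1
    $IPT -I INPUT   -s "$host" -j "$STOP"
    $IPT -I FORWARD -s "$host" -j "$STOP"
    $IPT -I OUTPUT  -d "$host" -j "$STOP"
    $IPT -I FORWARD -d "$host" -j "$STOP"
}

# Usage: the address is the one quoted in the thread.
make_ld_chain
block_host 64.246.26.185
```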