On Thursday 29 July 2004 10:07 pm, Ashley M. Kirchner wrote:
> Antony Stone wrote:
>
>>> iptables -I FORWARD -s a.b.c.d -d w.x.y.z -p tcp --dport 80 -j REJECT
>>
>> "-I" will insert the rule at the top of the FORWARD chain, and therefore
>> guarantees that these packets will be REJECTed, no matter what other rules
>> follow in your ruleset.
>
> Thanks for the explanation. So I'm testing this out now, and I
> inserted:
>
> iptables -I FORWARD -s 66.218.75.184 -d 192.168.1.253 -p tcp --dport 80
> -j REJECT
>
> 66.218.75.184 == mail.yahoo.com (or login.yahoo.akadns.net, or
> l1.login.vip.scd.yahoo.com according to iptables -L), however that
> machine (.253) can still reach that address just fine. What am I missing?

You're missing the fact that 192.168.1.253 connects to 66.218.75.184 on
destination port 80, not the other way round.

Try reversing the source & destination addresses in your rule and see if that
does what you wanted.

Regards,

Antony.

--
If builders made buildings the way programmers write programs, then the first
woodpecker to come along would destroy civilisation.

Please reply to the list; please don't CC me.
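To make the direction mistake concrete, here is an added Python model of how a FORWARD rule's -s/-d/--dport criteria are tested against both halves of the HTTP connection (example code written for this note, not from the thread). The ephemeral client port 51234 is a constructed value, and the --sport column is included only to show why --dport 80 cannot hit the reply packets coming back from port 80.

```python
from ipaddress import ip_address

# Constructed packet model: one TCP segment as seen on the FORWARD path.
def packet(src, dst, sport, dport):
    return {"src": ip_address(src), "dst": ip_address(dst),
            "sport": sport, "dport": dport}

# Model of: iptables -I FORWARD -s SRC -d DST -p tcp [--dport N] [--sport N]
def rule(src, dst, dport=None, sport=None):
    return {"src": ip_address(src), "dst": ip_address(dst),
            "dport": dport, "sport": sport}

def matches(r, p):
    """True only if every criterion on the rule fits the packet (iptables ANDs them)."""
    if r["src"] != p["src"] or r["dst"] != p["dst"]:
        return False
    if r["dport"] is not None and r["dport"] != p["dport"]:
        return False
    if r["sport"] is not None and r["sport"] != p["sport"]:
        return False
    return True

# The two directions of a forwarded HTTP connection from .253 to the Yahoo host.
CLIENT = "192.168.1.253"
YAHOO = "66.218.75.184"
OUTBOUND_SYN = packet(CLIENT, YAHOO, sport=51234, dport=80)  # 51234: constructed ephemeral port
REPLY = packet(YAHOO, CLIENT, sport=80, dport=51234)          # server answers FROM port 80

AS_POSTED = rule(YAHOO, CLIENT, dport=80)  # -s 66.218.75.184 -d 192.168.1.253 --dport 80
REVERSED = rule(CLIENT, YAHOO, dport=80)   # -s 192.168.1.253 -d 66.218.75.184 --dport 80

def rejected_by(r):
    """Names of the flow directions a REJECT rule with these criteria would catch."""
    flow = (("outbound_syn", OUTBOUND_SYN), ("reply", REPLY))
    return [name for name, p in flow if matches(r, p)]

if __name__ == "__main__":
    print("as posted:", rejected_by(AS_POSTED))  # []  -> nothing blocked, as Ashley observed
    print("reversed :", rejected_by(REVERSED))   # ['outbound_syn'] -> connection attempt rejected
```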