On September 6, 2004 04:28 am, Akolinare@xxxxxxx wrote:
> Hi,
>
> I have a little question about two negated parameters in one rule.
>
> I created a rule which should only match if source and destination are not
> the given ones. I thought that it was easy and tried the following rule:
>
> iptables -A FORWARD -s ! host1 -d ! host2 -j ACCEPT
>
> But with this rule packets from host1 to host3 (or from host2 to host3) were
> not affected. It seems like the logical combination is OR and not AND,
> unlike the non-negated rule.
> I think that the rule is logically right. Is it a little bug or have I
> misunderstood something?
>
> I used version 1.2.11 with kernel 2.4.26.
>
> Markus

I take it to mean that packets from host2 to host3 were NOT accepted by this rule?
...
What do the counters for the rule say? ( iptables -L -n -v -x ).
What other rules exist that might affect said packets?
-- I note the above is an ADD. Could rules farther up the FORWARD chain have already accepted/denied the said packets?

FYI -- I just tested this by inserting a double negative rule in my firewall

iptables -I tcp_packets -p tcp -s ! {internal_lan} -d ! {internal lan ip} --dport 25 -j allowed

and sending myself an email from outside. The packet counter incremented appropriately.
2.6.7 linux iptables 1.2.11

and now that rule is gone.

Alistair