Re: two negatived parameters

> I take it to mean that packets from host2 to host 3 were NOT accepted by this
> rule? ... What do the counters for the rule say? ( iptables -L -n -v -x ).

Yes, I already looked at the counter. A packet from host2 to host3 doesn't
increase the counter.

> What other rules exist that might affect said packets? -- I note the above is
> an ADD.  Could rules farther up the FORWARD chain have already
> accepted/denied the said packets?

This was only an example. I also tested on another PC, which normally has no
ruleset, to be sure.

> FYI -- I just tested this by inserting a double negative rule in my firewall
>
> iptables -I tcp_packets -p tcp -s ! {internal_lan} -d ! {internal lan ip}
> --dport 25 -j allowed
>
> and sending myself an email from outside.  The packet counter incremented
> appropriately.

Sorry, but why are you able to send a mail from outside to a mailserver in
your internal network with this rule? I suppose that with the "-d !
{internal lan ip}" it is not possible to send a packet to your mailserver.

> well... my two cents :-)
>
> iptables -A FORWARD -s host1 -d host2 -j DROP

Well, sorry, it is not as easy as it seems. The rule should forward packets
to a user chain only if host1 is not the source and host2 is not the
destination.

I also tested with the 2.6.7 kernel and 1.2.11, so I can exclude this.

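Added example, not from this thread or from netfilter: a small evaluator for rules with negated -s/-d matches, showing that two negations combine as a logical AND (the rule matches only when the source is not host1 AND the destination is not host2) and that an earlier rule in the chain can consume the packet so the later rule's counter never moves. The addresses are constructed stand-ins for host1/host2/host3, and the parser is a toy model that understands only -s, -d, --dport and -j.

```python
import ipaddress

def _parse(spec):
    """Parse -s/-d/--dport/-j, accepting both '-s ! host' (older placement of
    the '!') and '! -s host' (current placement). Other options are skipped."""
    toks, conds, target, i = spec.split(), {}, None, 0
    while i < len(toks):
        neg = toks[i] == "!"              # '! -s host' form
        if neg:
            i += 1
        opt, i = toks[i], i + 1
        if i < len(toks) and toks[i] == "!":   # '-s ! host' form
            neg, i = True, i + 1
        val, i = toks[i], i + 1
        if opt == "-j":
            target = val
        elif opt in ("-s", "-d"):
            conds[opt] = (ipaddress.ip_network(val, strict=False), neg)
        elif opt == "--dport":
            conds[opt] = (int(val), neg)
        # -A/-I <chain>, -p <proto> etc. carry no match logic in this toy model
    return conds, target

def _matches(conds, src, dst, dport):
    """All conditions must hold; a negated one holds when its raw test fails."""
    checks = {"-s": lambda net: ipaddress.ip_address(src) in net,
              "-d": lambda net: ipaddress.ip_address(dst) in net,
              "--dport": lambda port: dport == port}
    return all(checks[opt](val) != neg for opt, (val, neg) in conds.items())

def first_match(chain, src, dst, dport=0):
    """Walk the chain top to bottom as iptables does: the first matching rule's
    target wins; None means no rule matched (the chain policy would apply)."""
    for spec in chain:
        conds, target = _parse(spec)
        if _matches(conds, src, dst, dport):
            return target
    return None

# Constructed addresses standing in for host1/host2/host3 of the thread.
HOST1, HOST2, HOST3 = "10.0.0.1", "10.0.0.2", "10.0.0.3"
TWO_NEG = f"-A FORWARD ! -s {HOST1} ! -d {HOST2} -j userchain"

if __name__ == "__main__":
    print(first_match([TWO_NEG], HOST2, HOST3))   # userchain: neither negation fails
    print(first_match([TWO_NEG], HOST1, HOST3))   # None: source is host1
    print(first_match([TWO_NEG], HOST3, HOST2))   # None: destination is host2
    # An earlier ACCEPT swallows the packet, so the negated rule's counter stays at 0.
    print(first_match([f"-A FORWARD -s {HOST2} -j ACCEPT", TWO_NEG], HOST2, HOST3))
```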