On Fri, Jan 07, 2005 at 11:45:32PM +0800, edwardspl@xxxxxxxxxx wrote:
> Jason Opperisano wrote:
>
> > > Sorry, what useful about the following function ( command line ) ?
> > >
> > > > iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp --syn -d $SRV1 \
> > > > ? --dport 80 -j ACCEPT
> >
> > um--it allows the packet through the FORWARD chain of the filter table.
> > remember--you're trying to build a firewall here.
>
> So, must I enable this kind of function for using the Firewall ?
if you want your machine to be an actual firewall, yes. if you're
building a NAT router--then no.
-j
--
"I bent my wookie."
--The Simpsons
