On Mon, 21-02-2005 at 15:33 +0100, Marcin Giedz wrote:
> Hello...
>
> Today I have run into the next problem. I just want to block almost all
> connections on port 80 in my router for a list of destination addresses.
> "Almost" because some connections are forwarded to another router in my LAN.
> So this is the rule:
>
> iptables -A FORWARD -p tcp -port 80 -d ! 192.168.131.0/24 && 192.168.110.0/24
> -j DROP
>
> But it doesn't work.... in the iptables spec, -d only works with a single
> address, not a list. I also found the iprange extension, but it doesn't suit me.
> Is it possible to have a list of destination/source addresses in an iptables rule?
>
> Thanks,
> Marcin

# Create a user-defined chain and send all forwarded TCP port 80 traffic into it
iptables -N MYDROPCHAIN
iptables -A FORWARD -p tcp --dport 80 -j MYDROPCHAIN
# Exempt destinations RETURN to FORWARD, so the rules following the jump still apply to them
iptables -A MYDROPCHAIN -d 192.168.131.0/24 -j RETURN
iptables -A MYDROPCHAIN -d 192.168.110.0/24 -j RETURN
# Everything else that reaches the end of the chain is dropped
iptables -A MYDROPCHAIN -j DROP

Regards.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx

bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
 -- Jack Kerouac, "On the Road"
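The exempt-then-DROP chain from the reply above, as an added example script that is not part of the thread: it builds the chain for any number of exempt destination networks and can be re-run without duplicating rules. The chain name MYDROPCHAIN and the two networks come from the thread; the DRY_RUN switch and the helper function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: build the "RETURN for the exempt
# networks, then DROP" chain for any number of destination networks.
# DRY_RUN=1 (the default) prints the iptables commands instead of running
# them; run with DRY_RUN= (empty) as root on the router to apply them.
DRY_RUN=${DRY_RUN-1}

# Run iptables, or print the command in dry-run mode.
ipt() {
    if [ -n "$DRY_RUN" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Does the user-defined chain $1 already exist? (Never in dry-run mode.)
chain_present() {
    [ -n "$DRY_RUN" ] && return 1
    iptables -nL "$1" >/dev/null 2>&1
}

# Is the exact rule "$@" already present? (-C checks without changing anything.)
rule_present() {
    [ -n "$DRY_RUN" ] && return 1
    iptables -C "$@" >/dev/null 2>&1
}

# build_http_drop_chain CHAIN PORT NET...
# Packets to an exempt NET hit RETURN and go back to FORWARD, where the
# rules after the jump (e.g. the forward to the other router) still apply;
# everything else reaching the end of CHAIN is dropped.
build_http_drop_chain() {
    chain=$1; port=$2; shift 2
    # Flush an existing chain so re-running never duplicates its rules.
    # (An empty chain lets port-80 traffic through while it is rebuilt.)
    if chain_present "$chain"; then ipt -F "$chain"; else ipt -N "$chain"; fi
    # Hook the chain from FORWARD for TCP traffic to the port, only once.
    rule_present FORWARD -p tcp --dport "$port" -j "$chain" ||
        ipt -A FORWARD -p tcp --dport "$port" -j "$chain"
    for net in "$@"; do
        ipt -A "$chain" -d "$net" -j RETURN
    done
    ipt -A "$chain" -j DROP
}

build_http_drop_chain MYDROPCHAIN 80 192.168.131.0/24 192.168.110.0/24
```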