This was the log from one of my clients who was attacked from a client on another subnet.
How many different subnets are you serving? What interfaces are they on, on your router? Do you have each client on a different subnet, or are there multiple clients on one subnet? What type of network setup do you have, both physical and logical?
My network consists of clients on different /24 subnets.
Are these /24 subnets independently controlled by your clients, such that you don't have any control over them, short of saying "stop or I will stop your internet access"?
The attacks from one subnet travel through my Linux router and hit the client on the other subnet.
Assuming that each of your clients is on a different subnet and they are connected to an aliased interface on your router you could very easily set up your firewall script to filter based on inbound and outbound interface. This also assumes that one client of yours will never need to communicate with another directly. If one client needs to communicate with another directly you will need to explicitly allow the traffic to pass through your router.
(This is presuming that your FORWARD policy is set to DROP which IMHO it should *ALWAYS* be.)

    # Client_1
    iptables -t filter -A FORWARD -i $Client_1 -o $INet -s $Client_1_Subnet -j ACCEPT
    iptables -t filter -A FORWARD -i $INet -o $Client_1 -d $Client_1_Subnet -j ACCEPT
    # Client_2
    iptables -t filter -A FORWARD -i $Client_2 -o $INet -s $Client_2_Subnet -j ACCEPT
    iptables -t filter -A FORWARD -i $INet -o $Client_2 -d $Client_2_Subnet -j ACCEPT
    # Client_3
    iptables -t filter -A FORWARD -i $Client_3 -o $INet -s $Client_3_Subnet -j ACCEPT
    iptables -t filter -A FORWARD -i $INet -o $Client_3 -d $Client_3_Subnet -j ACCEPT
(This is presuming that your FORWARD policy is set to ACCEPT which IMHO it should *NEVER* be.)

    # Client_1 (negation written as "! -o" / "! -i"; the older "-o !" form is deprecated)
    iptables -t filter -A FORWARD -i $Client_1 ! -o $INet -s $Client_1_Subnet -j DROP
    iptables -t filter -A FORWARD ! -i $INet -o $Client_1 -d $Client_1_Subnet -j DROP
    # Client_2
    iptables -t filter -A FORWARD -i $Client_2 ! -o $INet -s $Client_2_Subnet -j DROP
    iptables -t filter -A FORWARD ! -i $INet -o $Client_2 -d $Client_2_Subnet -j DROP
    # Client_3
    iptables -t filter -A FORWARD -i $Client_3 ! -o $INet -s $Client_3_Subnet -j DROP
    iptables -t filter -A FORWARD ! -i $INet -o $Client_3 -d $Client_3_Subnet -j DROP
(Anyone care to double check my logic? Please?)
I tried a few rules as below but they seem not to be working.
Your rules look like they are designed to do more quality assurance (making sure the traffic is not blatantly invalid) on any traffic passing through the FORWARD chain than filtering based on the source and destination address and interface.
Grant. . . .
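The "FORWARD policy DROP" variant above generalised to any number of client interfaces, as an added example that is not part of the thread: the script prints the iptables commands for a table of "interface subnet" pairs instead of hand-copying a block per client, and adds a rate-limited LOG rule so traffic that one client subnet sends toward another (like the attack described) ends up in syslog before the policy drops it. The interface names and RFC 5737 subnets are constructed sample values.

```shell
#!/bin/sh
# Added example: generate per-client FORWARD rules in the "policy DROP" style.
# INET_IF is the upstream interface; the name is an assumption for this example.
INET_IF=eth0

# Print the two FORWARD rules for one client interface/subnet pair.  A client
# may only talk to the upstream interface and back; the -s/-d matches also stop
# a client from forwarding packets carrying another client's addresses.
client_rules() {
    ifc="$1"; subnet="$2"
    printf 'iptables -t filter -A FORWARD -i %s -o %s -s %s -j ACCEPT\n' "$ifc" "$INET_IF" "$subnet"
    printf 'iptables -t filter -A FORWARD -i %s -o %s -d %s -j ACCEPT\n' "$INET_IF" "$ifc" "$subnet"
}

# Build the whole ruleset from "iface subnet" lines read on stdin.  Anything not
# explicitly accepted (client-to-client traffic included) reaches the LOG rule
# and then falls through to the DROP policy, so cross-subnet attacks are visible.
build_ruleset() {
    echo 'iptables -t filter -P FORWARD DROP'
    echo 'iptables -t filter -F FORWARD'
    while read -r ifc subnet; do
        [ -n "$ifc" ] && client_rules "$ifc" "$subnet"
    done
    echo 'iptables -t filter -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "'
}

# Constructed sample client table; pipe the printed commands to sh to apply them.
build_ruleset <<'EOF'
eth1 192.0.2.0/24
eth2 198.51.100.0/24
EOF
```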