I'm trying to protect some people from themselves and I want to set
up a rule that allows a single IP on the network to connect only to
the gateway's internal IP, thereby restricting as much as possible
users' ability to connect to other PCs on the network. Yes, I know
about VLANs and I know about port isolation on the hardware side, and
I've tried explaining how to do it to these folks, but they're just not
getting it.
From what I have read, this should work, but it doesn't. I'm not
sure which loopback this refers to, the host or the source. Any
suggestions?
-A PREROUTING -i lo -p icmp -d gateway-internal-private-ip -j ACCEPT
-A PREROUTING -i lo -p tcp -d gateway-internal-private-ip -j ACCEPT
-A PREROUTING -i lo -p udp -d gateway-internal-private-ip -j ACCEPT
Thanks
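An added example, not part of the original post, of how such a per-host restriction is usually expressed on a Linux gateway. It assumes hypothetical values (LAN interface eth1, gateway LAN address 192.168.1.1, restricted host 192.168.1.50) and places the rules in the filter table's INPUT and FORWARD chains rather than in PREROUTING with -i lo, since lo is the gateway's own loopback interface and never carries frames arriving from the LAN. It runs in dry-run mode by default and only prints the iptables commands; set DRY_RUN=0 and run as root to apply them. Caveat that the script cannot remove: two hosts on the same broadcast domain talk to each other directly, without passing through the gateway, so no gateway firewall rule sees that traffic; only VLANs or switch port isolation can block it.

```shell
#!/bin/sh
# Added example (not from the original post). Restrict one LAN host so that,
# for traffic that actually passes through this Linux gateway, it may reach
# only the gateway itself. All addresses and the interface name below are
# hypothetical placeholders; override them via the environment.
LAN_IF="${LAN_IF:-eth1}"          # interface facing the LAN (assumed)
GW_IP="${GW_IP:-192.168.1.1}"     # gateway's internal address (assumed)
HOST_IP="${HOST_IP:-192.168.1.50}" # the host being restricted (assumed)
DRY_RUN="${DRY_RUN:-1}"           # 1 = print commands, 0 = execute (root)

# Either print a command or execute it, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit the rule set. INPUT governs packets addressed to the gateway itself;
# FORWARD governs packets the gateway routes on behalf of other hosts.
# Nothing here matches on 'lo': the loopback interface only carries the
# gateway's own local traffic, so a PREROUTING rule with '-i lo' never
# sees anything sent by a LAN host.
restrict_host() {
    # 1. The restricted host may talk to the gateway's internal address.
    run iptables -A INPUT -i "$LAN_IF" -s "$HOST_IP" -d "$GW_IP" -j ACCEPT
    # 2. Anything else it sends to the gateway (other local addresses) is dropped.
    run iptables -A INPUT -i "$LAN_IF" -s "$HOST_IP" -j DROP
    # 3. Nothing it sends may be routed onward (other subnets, the Internet).
    run iptables -A FORWARD -i "$LAN_IF" -s "$HOST_IP" -j DROP
    # 4. Nothing routed from elsewhere may reach it either.
    run iptables -A FORWARD -o "$LAN_IF" -d "$HOST_IP" -j DROP
}

# Stand-alone run: prints (or applies) the four rules.
restrict_host
```

Rules 1 and 2 must appear in that order, since iptables evaluates a chain top to bottom and stops at the first matching target; insert them ahead of any broad ACCEPT already present in INPUT or FORWARD (for example with -I instead of -A) or they will never be reached.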