Issue resolved!
Thx very much,... I had that syntax before,.. but it wasn't early enough
in the rule set,... rookie mistake!
Thx guys!
Sebastian Heidl wrote:
Hi Ross,
this should do it:
iptables -A INPUT -i eth0 -d 196.x.x.94 -j DROP
You may want to insert this rule early in the INPUT chain.
Regards.
_sh_
On Wed, 2006-07-19 at 12:25 +0200, Ross Cameron wrote:
Hi there list I have the following issue:
I have an IP split setup on one of my Linux boxes (see diagram below), I
can route and all access is hunky dory,... BUT I want to block access to
my DMZ's gateway address from the outside world.
How do I do this?
+------------+                                       +------------+
|            | eth0       +-------------+ eth1       |            |
|  Internet  |============| FW / Router |============|    LAN     |
|            |            +-------------+            |            |
+------------+                    || eth2            +------------+
                                  ||
                                  ||
                                  ||
                                  ||                 +------------+
                                  |+-----------------|            |
                                  +------------------|    DMZ     |
                                                     |            |
                                                     +------------+
KEY:
~~~~
eth0 => 196.x.x.122 / 255.255.255.252
eth1 => 192.168.x.x / 255.255.255.0
eth2 => 196.x.x.94 / 255.255.255.240
The Internet needs to be able to see 196.x.x.80 -> 196.x.x.95,... with
the exception of 196.x.x.94!!!
Everything else is correct and how I need it to be,... I need to know
how to DROP the packets coming in on eth0 for 196.x.x.94
BUT packets coming in on eth2 for 196.x.x.94 need to be allowed.
Regards,...
Ross Cameron
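
Added example (not part of the original thread): a shell function that reads `iptables -S INPUT` output and reports whether the DROP rule from Sebastian's reply sits behind an earlier ACCEPT, which is the ordering mistake described at the top of the thread. The function name, the sample rule sets and the address 203.0.113.94 (a placeholder for the elided 196.x.x.94) are constructed for illustration.

```shell
# check_drop_order IFACE ADDR: read `iptables -S INPUT` output on stdin and
# report whether the DROP rule for ADDR on IFACE is reached before any ACCEPT.
#   ok N          DROP is rule N, no earlier ACCEPT can match first
#   shadowed N M  DROP is rule N, but ACCEPT rule M is evaluated before it
#   missing       no such DROP rule in the chain
check_drop_order() {
    awk -v ifc="$1" -v dst="$2" '
    $1 != "-A" { next }                 # skip the -P policy line
    {
        n++; in_if = ""; d = ""; tgt = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-d") d = $(i + 1)
            if ($i == "-j") tgt = $(i + 1)
        }
        sub(/\/32$/, "", d)             # iptables -S prints hosts as a.b.c.d/32
        if (tgt == "DROP" && in_if == ifc && d == dst) {
            if (acc) printf "shadowed %d %d\n", n, acc
            else     printf "ok %d\n", n
            found = 1; exit
        }
        # Conservative: an ACCEPT counts as a possible earlier match unless it
        # names another interface or another single host. Protocol, port and
        # state matches and "!" negation are not evaluated.
        if (tgt == "ACCEPT" && !acc && (in_if == "" || in_if == ifc) &&
            (d == "" || d == dst || d ~ /\//)) acc = n
    }
    END { if (!found) print "missing" }'
}
# Constructed rule sets; 203.0.113.94 is a placeholder for the elided address.
sample_appended() {    # DROP added with -A, after an ACCEPT on eth0
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -d 203.0.113.94/32 -i eth0 -j DROP
EOF
}
sample_inserted() {    # same rules with the DROP placed first
    cat <<'EOF'
-P INPUT DROP
-A INPUT -d 203.0.113.94/32 -i eth0 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
EOF
}

sample_appended | check_drop_order eth0 203.0.113.94
sample_inserted | check_drop_order eth0 203.0.113.94
```

On a live firewall the same check is `iptables -S INPUT | check_drop_order eth0 <address>`; when it reports "shadowed", `iptables -I INPUT 1 ...` puts the rule at the head of the chain where `-A` would append it to the end.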