former03 | Baltasar Cevc wrote:
Why? What is the difference with or without NAT?
You can filter out all incoming packets to local IP addresses on the wan
interface before NAT is done;
No you can't, unless you intend to do filtering in PREROUTING chain of
the 'mangle' table.
if you just use MASQUERADE for outgoing
packets, "iptables -A INPUT -i eth0 -d 192.168.0.0/16 -j DROP".
I just don't see how it is different whether you have NAT/MASQUERADE or
not. To me filtering and NAT in iptables are fundamentally independent.