I wrote:
> noa levy wrote:
>> Thanks!
>> I forgot to mention, though, that my source port for the SNMP informs
>> is also random, so I can't match against the destination port for the
>> incoming packet - does the recent target also maintain a port list or
>> is it IP addresses only?
> How about something like this:
> iptables -t nat -A POSTROUTING -p udp --dport 162 -j SNAT --to-source :29999
> iptables -t mangle -A PREROUTING -p udp --dport 29999 -j MARK --set-mark 99
> iptables -A INPUT -p udp --dport ! 29999 -m mark --mark 99 -j ACCEPT

Which, of course, won't work because de-SNAT won't recognize the reply
packets coming from a random port. I really shouldn't try to post
something that complex, and untested, late at night. Sorry.
--
Bob Nichols Yes, "NOSPAM" is really part of my email address.