On May 25 2007 17:17, Jeff Weber wrote:
>
>I've added a firewall rule to block external requests to forward through the
>gateway:
>
>$IPTABLES -A FORWARD -p tcp -i $DAS_SCADA_IF --syn -j DROP

Well that sounds a little broken, because the first packet of a TCP
connection _is_ SYN. So you might want

    -p tcp ! -d destaddr ! --dport destport --syn -j DROP

here... Alternatively ...

    -p tcp --syn -m conntrack --ctstate DNAT -j ACCEPT
    -p tcp --syn -j DROP


Jan
--
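
The conntrack alternative from the reply above, placed in context as an added example (not code from the thread): the DNAT rule, the `-i` match on the FORWARD rules, and the values of `EXT_IF`, `DEST_ADDR` and `DEST_PORT` are assumptions standing in for the poster's port forward, and `print_rule` is a hypothetical dry-run helper.

```shell
#!/bin/sh
# Added example: let externally initiated TCP connections through the
# gateway only when they arrived via a port forward (DNAT); drop the rest.
# All values below are constructed placeholders, not taken from the thread.
IPTABLES="${IPTABLES:-iptables}"
EXT_IF="${EXT_IF:-eth0}"               # plays the role of $DAS_SCADA_IF
DEST_ADDR="${DEST_ADDR:-192.0.2.10}"   # internal host (TEST-NET-1 address)
DEST_PORT="${DEST_PORT:-8080}"         # forwarded TCP port

# Dry-run helper (hypothetical): print the rule instead of installing it.
print_rule() { printf 'iptables %s\n' "$*"; }

forward_policy() {
    # Assumed port forward: rewrite the destination of inbound connections.
    # conntrack records this rewrite, which is what --ctstate DNAT matches.
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$DEST_PORT" \
        -j DNAT --to-destination "$DEST_ADDR:$DEST_PORT"

    # Order matters: the ACCEPT for DNATed SYNs must precede the DROP,
    # otherwise the first packet of every forwarded connection is lost.
    $IPTABLES -A FORWARD -i "$EXT_IF" -p tcp --syn \
        -m conntrack --ctstate DNAT -j ACCEPT

    # Any other connection attempt entering on the external interface
    # was not port-forwarded and is dropped.
    $IPTABLES -A FORWARD -i "$EXT_IF" -p tcp --syn -j DROP
}

# Inspect the rules without root:  IPTABLES=print_rule; forward_policy
# Install them (as root):          forward_policy
```

Packets without SYN set are not touched by these rules, so replies and established traffic still depend on the rest of the FORWARD chain and its policy.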