RE: not ip address

> Hi all
> I would like to write this sentence in iptables rule:
>   "REJECT everything having port #443 (httpS) as destination except
>    if the IP address that queries it is one of 192.168.0.18 or
>    192.168.0.50"
> 
> I'd like to forbid httpS/443 traffic except for those two IP
> addresses.
> 
> I made:
> 
> $IPT -t nat -A PREROUTING  ! --source 192.168.0.50  \
>       -p tcp --dport 443 -j REJECT
> 
> and
> 
> $IPT -t nat -A PREROUTING  --source ! 192.168.0.50  \
>       -p tcp --dport 443 -j REJECT
> 
> But they all have bad syntax.

$ man iptables

[...]
This target is only valid in the INPUT, FORWARD and OUTPUT chains,
and user-defined chains which are only called from those chains.
[...]

Also, use the filter table for filtering.

# whitelisted hosts first: first match wins
$ipt -A INPUT -s 192.168.0.18 -p tcp --dport 443 -j ACCEPT
$ipt -A INPUT -s 192.168.0.50 -p tcp --dport 443 -j ACCEPT
# everything else to 443 is rejected
$ipt -A INPUT -p tcp --dport 443 -j REJECT


Grts,
Rob
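The following is an added example, not code from either message above, that packages the approach in the reply into a small POSIX shell helper. The function names https_rules and https_ruleset are hypothetical, the addresses are the two from the question, and the output is meant to be fed to iptables-restore --noflush so it is appended to the filter table rather than replacing it. The chain argument is the part the question glosses over: INPUT only sees packets addressed to this host, so if the box is the gateway that routes the LAN clients' traffic, the same three rules belong in FORWARD instead. REJECT is valid in both of those chains, but not in the nat table's PREROUTING chain, which is why the original attempts failed.

```shell
#!/bin/sh
# Added example (not from the list post). Emits filter-table rules that
# allow TCP/443 only from a whitelist and reject it from everyone else.
# Function names and the chain/address arguments are assumptions.

# https_rules CHAIN ADDR...
#   CHAIN is INPUT when this host is the HTTPS server, FORWARD when it
#   routes for the clients. Remaining arguments are permitted sources.
#   Rules are emitted in iptables-restore syntax; order matters because
#   netfilter stops at the first matching rule.
https_rules() {
    chain=$1
    shift
    for src in "$@"; do
        printf '%s\n' "-A $chain -s $src -p tcp --dport 443 -j ACCEPT"
    done
    # Catch-all goes last. tcp-reset makes clients fail immediately instead
    # of seeing an ICMP port-unreachable (the REJECT default).
    printf '%s\n' "-A $chain -p tcp --dport 443 -j REJECT --reject-with tcp-reset"
}

# https_ruleset CHAIN ADDR...
#   Wraps https_rules in a complete filter-table fragment. Load it with
#   `... | iptables-restore --noflush` so existing rules are kept; without
#   --noflush iptables-restore would flush the filter table first.
https_ruleset() {
    printf '*filter\n'
    https_rules "$@"
    printf 'COMMIT\n'
}

# Usage (needs root to actually load):
#   https_ruleset INPUT 192.168.0.18 192.168.0.50 | iptables-restore --noflush
# Preview what will be loaded without touching the kernel:
#   https_ruleset FORWARD 192.168.0.18 192.168.0.50
```

Before loading on a remote box, run the preview form and make sure the ACCEPT lines come out ahead of the REJECT line; if the whitelist is empty the function still emits the REJECT rule, which will cut off every HTTPS client, so check "$#" in a wrapper if that is not what you want.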


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
