> Hi all
> I would like to write this sentence as an iptables rule:
> "REJECT everything having port #443 (httpS) as destination except
> if the IP address that queries it is one of 192.168.0.18 or
> 192.168.0.50"
>
> I'd like to forbid httpS/443 traffic except for those two IP
> addresses.
>
> I made:
>
> $IPT -t nat -A PREROUTING ! --source 192.168.0.50 \
>      -p tcp --dport 443 -j REJECT
>
> and
>
> $IPT -t nat -A PREROUTING --source ! 192.168.0.50 \
>      -p tcp --dport 443 -j REJECT
>
> But both are bad syntax.

$ man iptables
[...]
This target is only valid in the INPUT, FORWARD and OUTPUT chains, and
user-defined chains which are only called from those chains.
[...]

Also, use the filter table for filtering.

$IPT -A INPUT -s 192.168.0.18 -p tcp --dport 443 -j ACCEPT
$IPT -A INPUT -s 192.168.0.50 -p tcp --dport 443 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -j REJECT

Grts,
Rob
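The same allow-list, as an added example that is not part of either message above, written as a small POSIX shell function. It follows the man page excerpt Rob quotes (REJECT belongs in a filter-table chain, never in nat/PREROUTING) but puts the per-address rules in a dedicated user-defined chain so the list can be flushed and reloaded without touching the rest of INPUT. The chain name HTTPS_ACL, the `-m conntrack --ctstate NEW` match (on very old iptables this is `-m state --state NEW`), the `--reject-with tcp-reset` choice, and the IPT dry-run variable are assumptions of this example, not something the thread specifies. Two caveats a practitioner would want: the original poster's use of PREROUTING hints at a gateway, and if the HTTPS servers sit behind that box the hook chain must be FORWARD rather than INPUT; and the function validates the hook name so the nat-table mistake from the question cannot recur.

```shell
#!/bin/sh
# Added example (not from the original thread): allow TCP/443 only from an
# allow-list of client addresses, using the filter table.
#
# Assumptions not taken from the page: the user chain HTTPS_ACL, the
# conntrack NEW match, tcp-reset as the reject type, and the IPT variable
# (set IPT="echo iptables" to print the commands instead of running them).

IPT="${IPT:-iptables}"
CHAIN="${CHAIN:-HTTPS_ACL}"

# https_allow_only HOOK ADDR...
#   HOOK is INPUT (traffic addressed to this host) or FORWARD (traffic
#   routed through it). REJECT is only valid in INPUT, FORWARD and OUTPUT
#   and in user chains called from them, so anything else is refused.
https_allow_only() {
    hook="$1"
    [ "$#" -gt 0 ] && shift
    case "$hook" in
        INPUT|FORWARD|OUTPUT) ;;
        *) echo "https_allow_only: hook must be INPUT, FORWARD or OUTPUT" >&2
           return 1 ;;
    esac
    [ "$#" -gt 0 ] || {
        echo "https_allow_only: no allowed addresses given" >&2
        return 1
    }

    # Create the user chain if missing (-N fails harmlessly when it exists),
    # then empty it so re-running replaces the old list instead of appending.
    $IPT -N "$CHAIN" 2>/dev/null || true
    $IPT -F "$CHAIN"

    # Hand every new TCP/443 connection arriving via HOOK to the ACL chain.
    # -C checks whether the jump already exists so repeated runs do not
    # insert duplicate jump rules.
    $IPT -C "$hook" -p tcp --dport 443 -m conntrack --ctstate NEW -j "$CHAIN" 2>/dev/null \
        || $IPT -A "$hook" -p tcp --dport 443 -m conntrack --ctstate NEW -j "$CHAIN"

    # One ACCEPT per allowed source address, then reject everything else.
    # tcp-reset tells a blocked client immediately rather than leaving it
    # hanging until the connection attempt times out.
    for addr in "$@"; do
        $IPT -A "$CHAIN" -s "$addr" -j ACCEPT
    done
    $IPT -A "$CHAIN" -j REJECT --reject-with tcp-reset
}

# Usage (as root, on the host terminating the HTTPS connections):
#   https_allow_only INPUT 192.168.0.18 192.168.0.50
# On a gateway in front of the servers use FORWARD instead of INPUT.
# Preview without changing anything:
#   IPT="echo iptables" https_allow_only INPUT 192.168.0.18 192.168.0.50
```

Because the jump rule matches only NEW connections, packets of sessions already accepted are not re-evaluated against the list; an existing ESTABLISHED rule earlier in INPUT or FORWARD takes care of them. Verify the result with `iptables -S HTTPS_ACL` and by attempting a connection from an address that is not on the list, which should receive an immediate TCP reset.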