Re: How to do nat filtering in 1.4.3.2

>     absolutely !!! -t filter is the place to filter. -t nat is the place
> to do NAT-related stuff, and not filtering.
>
>     if you wanna filter packets coming TO your firewall machine, then
> your rules should be in INPUT chain
>
>     if you wanna filter packets going out FROM your firewall machine,
> then your rules should be in OUTPUT chain
>
>     if you wanna filter packets passing your firewall (i.e., getting
> routed), then your rules should be in FORWARD chain. Remember that
> packets go and come, so depending on the case, 2 rules are necessary to
> fully accept a forwarded packet

For packets going to the machine, I am already using the INPUT chain.
My confusion was the filtering on the nat table, but now I'm clear, thanks
to you :)

