> On Wed June 24 2009 wrote Rob Sterenborg:
>> $ipt -P FORWARD DROP
>> $ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>> $ipt -A FORWARD -m state --state NEW -p tcp --dport 22 -j ACCEPT
> Watch out, that with these rules, you will allow any traffic to pass, that has
> destination port 22. Thus, the outside can contact you to port 22. And the
> inside can contact any host on the Internet on port 22.

No good then, I just want to allow traffic for ports defined by me, for the NAT'd machines. Can you guys help on this?

Sorry but I really have no idea, with the PREROUTING it was easy for me.
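
One way to scope the FORWARD rules discussed above to specific NAT'd machines and ports, as an added example that is not part of the original thread. The interface names, addresses and the port table are assumptions, and it covers inbound port forwards only; the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example: pair each DNAT rule with a narrowly scoped FORWARD rule.
# Interface names and addresses below are assumptions, not from the thread.
WAN_IF="eth0"   # assumed Internet-facing interface
LAN_IF="eth1"   # assumed interface of the NAT'd network

# Constructed sample table: "proto public_port internal_ip internal_port"
FORWARDS="tcp 22 192.168.1.10 22
tcp 8080 192.168.1.20 80"

# Print the rule set (dry run). Review it, then pipe it to sh as root to apply.
gen_rules() {
    ipt="iptables"
    echo "$ipt -P FORWARD DROP"
    echo "$ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "$FORWARDS" | while read -r proto pub_port ip int_port; do
        [ -n "$proto" ] || continue
        # Rewrite the destination of connections arriving on the WAN side.
        echo "$ipt -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $pub_port -j DNAT --to-destination $ip:$int_port"
        # FORWARD sees the packet after DNAT, so match the internal address
        # and port, and only in the WAN -> LAN direction. Unlike a bare
        # "--dport 22" rule, this does not open port 22 from inside to outside
        # or to any other internal host.
        echo "$ipt -A FORWARD -i $WAN_IF -o $LAN_IF -p $proto -d $ip --dport $int_port -m state --state NEW -j ACCEPT"
    done
}

gen_rules
```
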