Hello List,

I have a problem here. I have a client which should only be able to access a few IPs and not the rest. But the rest of my network should be allowed to access this client unrestricted (that is, if they initiate the connection).

Currently I'm using the following rules, which indeed allow the client to only access a few IPs; the rest is dropped. Which is OK for the client, but not OK for the LAN, since if someone else wants to access the client they are also dropped.

1. iptables -A FORWARD -s 192.168.220.28 -d 192.168.205.55 -j ACCEPT
2. iptables -A FORWARD -s 192.168.220.28 -d 192.168.205.15 -j ACCEPT
3. iptables -A FORWARD -s 192.168.220.28 -d 192.168.205.49 -j ACCEPT
4. iptables -A FORWARD -s 192.168.220.28 -d 192.168.205.51 -j ACCEPT
5. iptables -A FORWARD -s 192.168.220.28 -d 192.168.205.44 -j ACCEPT
6. iptables -A FORWARD -s 192.168.220.28 -d 192.168.205.33 -j ACCEPT
7. iptables -A FORWARD -s 192.168.220.28 -j DROP

What I want is:

- Client should be able to only access a few selected IPs (see above)
- Client should not be able to access anything else
- BUT! If someone from the network initiates a connection to the client, be it ping, VNC, or whatever, it should be allowed (I don't know how to do this)

If someone can please help me :) .

Thank you
Robert
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
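An added example of one way to get the behaviour asked for above; this is not part of Robert's post or any reply on the list. The reason the LAN's connections to the client break with the rules shown is that the client's reply packets carry -s 192.168.220.28 and no allowed -d, so they fall through to rule 7 and are dropped. The fix is to accept packets that belong to an already tracked connection before the per-host DROP, so that only connections the client itself opens are subject to the destination whitelist. The script assumes the machine carrying these rules is the router forwarding between the two subnets and has connection tracking available (the conntrack match; on older kernels the same thing is spelled -m state --state). The client address and destination list are taken from the post; everything else is the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): restrict CLIENT to a fixed set
# of destinations, but let any LAN host open connections to CLIENT.
# Assumption: this runs on the forwarding router and conntrack is available.

CLIENT=192.168.220.28
ALLOWED_DSTS="192.168.205.55 192.168.205.15 192.168.205.49 192.168.205.51 192.168.205.44 192.168.205.33"

# Print the iptables commands in the order they must be appended to FORWARD.
# Ordering is the whole point: the ESTABLISHED,RELATED rule has to come
# before the DROP, otherwise the client's replies to LAN-initiated
# connections (ping replies, VNC traffic back to the viewer, ...) are dropped.
gen_rules() {
    # 1. Packets from the client that belong to a connection conntrack already
    #    knows (replies to a LAN->client connection, ICMP errors, FTP data
    #    channels) are accepted no matter which side opened the connection.
    echo "iptables -A FORWARD -s $CLIENT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 2. Connections the client itself opens (NEW) are allowed only to the
    #    whitelisted destinations. --ctstate NEW is not strictly required here
    #    since rule 1 already took the established traffic, but it documents
    #    the intent.
    for dst in $ALLOWED_DSTS; do
        echo "iptables -A FORWARD -s $CLIENT -d $dst -m conntrack --ctstate NEW -j ACCEPT"
    done
    # 3. Anything else the client originates is dropped. Traffic from the LAN
    #    towards the client is not matched by any of these rules, so it is
    #    handled by whatever FORWARD policy the router already has.
    echo "iptables -A FORWARD -s $CLIENT -j DROP"
}

# Number of rules that will be emitted: 1 conntrack rule + one per
# destination + 1 DROP. Useful as a sanity check before applying.
rule_count() {
    n=2
    for _dst in $ALLOWED_DSTS; do n=$((n + 1)); done
    echo "$n"
}

# Print the rules for review. To apply them on the router, run as root:
#   sh this_script.sh | sh -e
# Note: the old rules 1..7 must be removed first (or the FORWARD chain
# flushed), since an earlier unconditional DROP would still win.
gen_rules
```

Because rule 1 only matches -s 192.168.220.28, it does not widen what the rest of the LAN may do; it only lets the client answer. If the FORWARD chain's default policy were DROP rather than ACCEPT, a matching ESTABLISHED,RELATED rule without the -s restriction, plus explicit ACCEPTs for LAN-to-client NEW connections, would be needed in addition.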