On Sun, Feb 23, 2014 at 2:09 PM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
<SNIP>
>
>> If I then add this rule.
>>
>> IPTABLES -A INPUT -i eth1 -p tcp --dport 1:1054 -j DROP
> [...]
>> I would think that would block just about everything again
>
> Not quite. It is the INPUT chain, so it just blocks packets destined to
> the ports 1-1054 of the router itself. It does not block packets
> destined to the outside, nor packets destined to a port above 1054 (why
> this value by the way ?).
>
> If you want to filter packets between the LAN and the public internet,
> use the FORWARD chain instead.

Thanks for taking the time to reply. Your responses got me on the right track.

As for the 1054, it was just a number pulled out of the air for testing purposes.

Thanks again.

--
To unsubscribe from this list: send the line "unsubscribe netfilter"
in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
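A small model of the point made in the thread, added here as an illustration and not part of the original exchange: the routing decision sends packets addressed to the router itself through INPUT and routed packets through FORWARD, so the poster's INPUT rule never sees LAN-to-internet traffic. The router addresses, packets and the simplified matching are constructed for this example; real netfilter has more hooks and match options than shown.

```python
import ipaddress

# Constructed router addresses: eth1 is the LAN side, the other is the public side.
ROUTER_ADDRS = {ipaddress.ip_address("192.168.1.1"),
                ipaddress.ip_address("203.0.113.5")}


def chain_for(packet, router_addrs=ROUTER_ADDRS):
    """Routing decision: a packet whose destination is one of the router's own
    addresses is delivered locally and traverses INPUT; anything else the
    router routes onward traverses FORWARD."""
    dst = ipaddress.ip_address(packet["dst"])
    return "INPUT" if dst in router_addrs else "FORWARD"


def rule_matches(rule, packet):
    """Match the -i / -p / --dport lo:hi criteria of a rule against a packet."""
    lo, hi = rule["dport"]
    return (packet["in_iface"] == rule["in_iface"]
            and packet["proto"] == rule["proto"]
            and lo <= packet["dport"] <= hi)


def verdict(rules, packet):
    """Walk only the chain this packet actually traverses (first match wins);
    assume an ACCEPT policy when nothing matches."""
    chain = chain_for(packet)
    for rule in rules:
        if rule["chain"] == chain and rule_matches(rule, packet):
            return rule["target"]
    return "ACCEPT"


# The rule from the thread, and the same rule moved to FORWARD as suggested.
INPUT_RULE = {"chain": "INPUT", "in_iface": "eth1", "proto": "tcp",
              "dport": (1, 1054), "target": "DROP"}
FORWARD_RULE = dict(INPUT_RULE, chain="FORWARD")

# Constructed packets arriving on the LAN interface.
TO_ROUTER_SSH = {"in_iface": "eth1", "proto": "tcp", "dst": "192.168.1.1", "dport": 22}
TO_INTERNET_HTTP = {"in_iface": "eth1", "proto": "tcp", "dst": "198.51.100.10", "dport": 80}
TO_INTERNET_HIGH = {"in_iface": "eth1", "proto": "tcp", "dst": "198.51.100.10", "dport": 8080}

if __name__ == "__main__":
    for name, pkt in [("ssh to router", TO_ROUTER_SSH),
                      ("http to internet", TO_INTERNET_HTTP),
                      ("port 8080 to internet", TO_INTERNET_HIGH)]:
        print(f"{name:22s} chain={chain_for(pkt):8s} "
              f"INPUT rule -> {verdict([INPUT_RULE], pkt):6s} "
              f"FORWARD rule -> {verdict([FORWARD_RULE], pkt)}")
```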