Hi list,

I am playing around in my test environment to migrate from OpenBSD PF to iptables/nftables. I just want to have basic rules for what my internal net may send outside. So I have e.g.

    iptables -t nat -A POSTROUTING -s 192.168.200.170 -j SNAT --to Y.Y.Y.Y

Now I want the host 192.168.200.170 to get an ICMP type 3 code 3 return when it wants to connect to any IP address on TCP port 22. I have tried various ways, e.g.

    iptables -A FORWARD -p tcp --source 192.168.200.170 --dest X.X.X.X -j REJECT

This rule works, but the client does not get notified, so when it connects it just gets a timeout.

In OpenBSD/PF you just define e.g. 2 input rules, and then the client gets the info "Connection refused":

    pass in quick proto tcp from 192.168.200.170 to any port {22 443}
    block return in quick on $if_int proto tcp from 192.168.200.170

How is this achieved with iptables/nftables? I have probably missed some important info ;-)

Thanks in advance,
infoomatic
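The setup described in the post, written as an nftables ruleset that answers the question (an added example, not from the original mail or the netfilter project): the forward chain rejects TCP/22 from 192.168.200.170 with an ICMP port-unreachable (type 3, code 3) before anything accepts it, so the client sees "Connection refused" instead of a timeout. 203.0.113.1 stands in for the poster's Y.Y.Y.Y SNAT address; the iptables equivalents are given as comments.

```nft
#!/usr/sbin/nft -f
# Added example, not the poster's own config. 203.0.113.1 is a placeholder
# for the Y.Y.Y.Y SNAT address from the mail.
flush ruleset

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for connections the firewall already allowed.
        ct state established,related accept

        # Must come before any accept rule for this host. The firewall itself
        # builds the ICMP type 3 code 3 error and sends it back to the client,
        # so the client's connect() fails immediately with ECONNREFUSED.
        # iptables equivalent (note -I so it lands in front of older rules):
        #   iptables -I FORWARD -p tcp -s 192.168.200.170 --dport 22 \
        #       -j REJECT --reject-with icmp-port-unreachable
        ip saddr 192.168.200.170 tcp dport 22 counter reject with icmp type port-unreachable

        # Everything else from the internal host is forwarded.
        ip saddr 192.168.200.170 counter accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # iptables equivalent:
        #   iptables -t nat -A POSTROUTING -s 192.168.200.170 -j SNAT --to 203.0.113.1
        ip saddr 192.168.200.170 snat to 203.0.113.1
    }
}
```

Load it with `nft -f <file>`; the `counter` statements let you confirm with `nft list chain ip filter forward` that a test connection from 192.168.200.170 to port 22 actually hits the reject rule rather than a rule placed earlier.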