Re: Why can't we use DNAT in the INPUT Chain?

On 20/08/2017 at 09:31, khawar shehzad wrote:
> So, the question is: Can we FILTER packets (in my case accepting packets which have specific source IPv6 addresses) before doing NAT in the same box/machine/server (using iptables or nftables)?

Sure. With iptables you can do it in the raw or mangle PREROUTING chains, even though they are not primarily intended for filtering.

However, when the host is a router, filtering in PREROUTING is not the same as filtering in INPUT: PREROUTING sees all packets entering the host, while INPUT sees only packets directed at the host itself (after DNAT).
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
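
An added illustration of the reply above (not part of the original message): a shell function that prints an ip6tables-restore ruleset accepting only listed source addresses in raw PREROUTING, ahead of the DNAT rule in nat PREROUTING. The function name, interface, ports and 2001:db8:: addresses are constructed; the rules match on interface, destination and port so that other traffic a router forwards through PREROUTING is left alone.

```shell
#!/bin/sh
# gen_ruleset IFACE PUBLIC_ADDR PORT '[INTERNAL_ADDR]:PORT' ALLOWED_SRC...
# Prints an ip6tables-restore ruleset on stdout (hypothetical helper).
# Check it with:  gen_ruleset ... | ip6tables-restore --test
# Loading it without --noflush replaces the existing raw and nat tables.
gen_ruleset() {
    iface=$1; pub=$2; port=$3; to=$4
    shift 4

    # Refuse anything that is not a plain IPv6 address or prefix, so a
    # malformed entry cannot smuggle extra options into a rule line.
    for src in "$@"; do
        case $src in
            ''|*[!0-9A-Fa-f:/]*) echo "bad source: $src" >&2; return 1 ;;
        esac
    done

    # Scope every rule to the service being translated: PREROUTING sees
    # all packets entering the host, not only those addressed to it.
    match="-i $iface -d $pub -p tcp --dport $port"

    # raw PREROUTING is traversed before nat PREROUTING, so the source
    # filter is applied to the packet before its destination is rewritten.
    echo "*raw"
    echo ":PREROUTING ACCEPT [0:0]"
    for src in "$@"; do
        echo "-A PREROUTING $match -s $src -j ACCEPT"
    done
    echo "-A PREROUTING $match -j DROP"
    echo "COMMIT"

    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo "-A PREROUTING $match -j DNAT --to-destination $to"
    echo "COMMIT"
}

# Run with arguments to print a ruleset; with none, only define the function.
if [ "$#" -gt 0 ]; then
    gen_ruleset "$@"
fi
```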