complement of an IP address range rejected by iptables in F14
dave perry
skidavem at mindspring.com
Fri Jan 14 00:30:20 UTC 2011
I have several LANs with Fedora routers that I support. The last line
in this section of my firewall script causes an error in F14.
POSTROUTING chain rules
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -s ! 192.168.1.0/24 -j DROP
Using intrapositioned negation (`--option ! this`) is deprecated in
favor of extrapositioned (`! --option this`).
Am I interpreting this change correctly to think that the following line,
/sbin/iptables -A FORWARD ! -s 192.168.1.0/24 -j DROP
will drop all packets not sourced from the LAN with addresses 192.168.1.*
where * is any number from 1 to 255?
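
An added example, not part of the original post: a shell filter that rewrites the deprecated intrapositioned negation quoted above into the extrapositioned form across a firewall script, plus an audit helper that lists lines still using the old form. The names `fix_negation` and `find_old_negation` are hypothetical, and the sample input is the four rules from the post.

```shell
#!/bin/sh
# Added example; fix_negation and find_old_negation are hypothetical helper names.

# Sample input: the four rules quoted in the post.
SAMPLE='/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -s ! 192.168.1.0/24 -j DROP'

# Rewrite "--option ! value" as "! --option value" on iptables/ip6tables
# command lines. Reads a script on stdin, writes the result to stdout.
# Comment lines and already-converted rules pass through unchanged.
fix_negation() {
    sed -E '/^[[:space:]]*#/b
/ip6?tables/ s/(^|[[:space:]])(--?[A-Za-z][A-Za-z-]*)[[:space:]]+![[:space:]]+([^[:space:]]+)/\1! \2 \3/g'
}

# Audit helper: print "lineno:line" for every non-comment iptables line
# that still uses the deprecated form. Prints nothing when the script is clean.
find_old_negation() {
    grep -En 'ip6?tables.*[[:space:]]--?[A-Za-z][A-Za-z-]*[[:space:]]+![[:space:]]' |
        grep -Ev '^[0-9]+:[[:space:]]*#' || true
}

printf '%s\n' "$SAMPLE" | find_old_negation
printf '%s\n' "$SAMPLE" | fix_negation
```

Run it against a copy of the firewall script and diff the output before replacing the original.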