complement of an IP address range rejected by iptables in F14

Genes MailLists lists at sapience.com
Fri Jan 14 01:30:25 UTC 2011


On 01/13/2011 07:30 PM, dave perry wrote:

> 
> POSTROUTING chain rules
> /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> /sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
> /sbin/iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
> /sbin/iptables -A FORWARD -s ! 192.168.1.0/24 -j DROP

  Any reason you don't drop everything by default, in which case the rule
is redundant? Or do you, and you're being super careful?

   iptables -P FORWARD DROP # etc for all tables
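
The redundancy the reply points out can be checked with a small first-match model of the quoted FORWARD rules. This is an added example, not part of the thread; it models only the three FORWARD rules (not the NAT rule), and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")

# (field, negated, network, target) in the order the quoted rules are appended.
# The negated entry models the fourth rule: "source NOT in 192.168.1.0/24".
QUOTED_RULES = [
    ("src", False, LAN, "ACCEPT"),
    ("dst", False, LAN, "ACCEPT"),
    ("src", True, LAN, "DROP"),
]


def verdict(src, dst, rules, policy):
    """First-match evaluation of a filter chain; fall through to the policy."""
    pkt = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for field, negated, net, target in rules:
        if (pkt[field] in net) != negated:
            return target
    return policy


def differing_packets(rules_a, rules_b, policy, samples):
    """Return the sample packets on which two rule lists disagree."""
    return [p for p in samples
            if verdict(*p, rules_a, policy) != verdict(*p, rules_b, policy)]


# Constructed sample traffic: LAN->WAN, WAN->LAN, LAN->LAN, WAN->WAN.
SAMPLES = [
    ("192.168.1.10", "203.0.113.5"),
    ("203.0.113.5", "192.168.1.10"),
    ("192.168.1.10", "192.168.1.20"),
    ("198.51.100.7", "203.0.113.5"),
]

if __name__ == "__main__":
    without_last = QUOTED_RULES[:-1]
    for policy in ("DROP", "ACCEPT"):
        diff = differing_packets(QUOTED_RULES, without_last, policy, SAMPLES)
        print(f"policy {policy}: explicit DROP rule changes {len(diff)} verdict(s)")
        for src, dst in diff:
            print(f"  {src} -> {dst}")
```

Any packet that reaches the negated rule already failed the first rule, so its source is outside the LAN and the rule always matches; it behaves as a catch-all DROP, which is exactly what a DROP policy provides.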



