[LUAU] help with iptables
Eric Hattemer
hattenator at imapmail.org
Mon Oct 15 01:01:29 PDT 2007
Whoever Whatever wrote:
> Hi,
> when I have a linux box with two NICs, one $EXTIF (external) and
> one $INTIF (subnet=192.168.176.0/20). With ip masq turn on:
> iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>
> how do I block $INTIF(192.168.176/20) from accessing ports(ie: 80) on
> the linux box(192.168.176.1), but still allow port 80 access using ip
> masq to the outside world?
>
> I tried the filters below, but I still can access port 80 after
> applying the rules:
> iptables -A INPUT -i $INTIF -p tcp -m tcp --dport 80 --syn -j DROP
> iptables -A FORWARD -i $INTIF -p tcp -m tcp --dport 80 --syn -j DROP
> iptables -A INPUT -p tcp -s 192.168.176.0/20 -d 192.168.176.1 --dport 80 -j DROP
>
> anyone know if it's possible?
>
I don't know any iptables, because I've never had to. Maybe someone on
the list will answer your question, but in the meantime, I strongly
suggest a program called fwbuilder. You drag your rules around, and
when you're done, you can auto-generate scripts for every major
routing/firewall language you can think of.
-Eric Hattemer
More information about the LUAU
mailing list