On Wed, 28 Nov 2001, François Bayart wrote:
>
> Hi,
>
> I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages
>
> brctl addbr br0
> brctl addif br0 eth0
> brctl addif br0 eth1
> ifconfig eth0 0.0.0.0
> ifconfig eth1 0.0.0.0
> ifconfig br0 62.4.8.2 netmask 255.255.255.0 broadcast 62.4.8.255
>
> That works correctly but now I would like to create some filtering rules and I
> try with iptables and it doesn't work
> ex, just drop the icmp :
>
> iptables -F INPUT
> iptables -P INPUT ACCEPT
> iptables -F OUTPUT
> iptables -P OUTPUT ACCEPT
> iptables -F FORWARD
> iptables -P FORWARD ACCEPT

As far as I remember, you have to set the default policy to DENY, at least
you had to when doing masquerading under 2.2 and ipchains.

> iptables -A FORWARD -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -A INPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -A OUTPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t mangle -A PREROUTING -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t mangle -A OUTPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t nat -A POSTROUTING -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t nat -A PREROUTING -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t nat -A OUTPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -N br0
> iptables -A br0 -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -A br0 -d 62.4.8.73 -s 0/0 -p ICMP -j DROP -i br0
> iptables -A FORWARD -d 62.4.8.73 -s 0/0 -p ICMP -j DROP -i br0
> iptables -A INPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP -i br0
>
> and I can ping without problem, I have tried all rules because I don't
> understand the problem, normally I don't have NAT in this network.
>
> So if someone can give me a solution or information
>
> thx
>
> Francois
>
>
> -----------------------
> François Bayart
> [EMAIL PROTECTED]
> +33 1 49 27 98 30
> +33 6 87 84 18 82
>