Hanasaki JiJi wrote on May 29, 2003 at 11:19:24 PM:
> I have a nat postrouting rule that passes traffic from the outside
> world to an internal host to handle port 80 (webserver)
>
> there are also rules to drop certain source addresses yet these
> addresses are still coming through
>
> how can they be dropped?
>
> thanks
>
I would like to recommend:
http://iptables-tutorial.frozentux.net/chunkyhtml/traversingoftables.html

DNAT is typically done in the -t nat PREROUTING chain, and filtering of
said traffic is done in the filter table, FORWARD chain.

Regards,
--
.- David Hardne <dhcybe.net>
`-- wget -O- cybe.net/dh|gpg --import
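
The layout the reply describes, as an added example that is not part of the original thread: a shell function that prints an `iptables-restore` ruleset with the DNAT in `nat` PREROUTING and the source-address drops in `filter` FORWARD, ahead of the rule that accepts the forwarded web traffic. The interface name, the addresses and the `gen_rules` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a DNAT'd web server.
# Interface and addresses are constructed (RFC 1918 / RFC 5737 ranges).

# gen_rules WAN_IF WEB_HOST BLOCKED_SRC...   (hypothetical helper)
gen_rules() {
    wan_if=$1; web_host=$2; shift 2

    # nat table: PREROUTING rewrites the destination before the routing
    # decision, so the packet is then routed on to the internal host.
    printf '%s\n' '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        "-A PREROUTING -i $wan_if -p tcp --dport 80 -j DNAT --to-destination $web_host:80" \
        'COMMIT'

    # filter table: a DNAT'd packet is forwarded, so it traverses FORWARD
    # and never INPUT. Its source address is unchanged at this point; its
    # destination is already the internal host.
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]'

    # Source drops come first: rules match in order, and an ACCEPT placed
    # above them would end traversal before the DROP is reached.
    for src in "$@"; do
        printf '%s\n' "-A FORWARD -i $wan_if -s $src -j DROP"
    done

    printf '%s\n' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $wan_if -d $web_host -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT" \
        'COMMIT'
}

# Constructed sample: WAN on eth0, web server 192.168.1.10, two blocked sources.
gen_rules eth0 192.168.1.10 203.0.113.7 198.51.100.0/24
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it.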