On 01/13/2011 07:30 PM, dave perry wrote:
>
> POSTROUTING chain rules
> /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> /sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
> /sbin/iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
> /sbin/iptables -A FORWARD -s ! 192.168.1.0/24 -j DRO

On 01/13/2011 08:30 PM, dave perry wrote:
> Am I interpreting this change correctly to think that the following line,
>
> /sbin/iptables -A FORWARD ! -s 192.168.1.0/24 -j DROP
>
> will drop all packets not sourced from the LAN with addresses 192.168.1.*
> where * is any number from 1 to 255?
Yes

On Thu, 2011-01-13 at 17:30 -0700, dave perry wrote:
> Using intrapositioned negation (`--option ! this`) is deprecated in
> favor of extrapositioned (`! --option this`).
>
> Am I interpreting this change correctly to think that the following
> line,
>
> /sbin/iptables -A FORWARD ! -s 192.168.
I have several LANs with Fedora routers that I support. The last line
in this section of my firewall script causes an error in F14.
POSTROUTING chain rules
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
/sbin/iptables -A FORWARD
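
The negation change discussed in this thread (`--option ! this` becoming `! --option this`), as an added example that is not part of any poster's message: a shell filter that finds and rewrites the deprecated form in firewall-script lines. The function names `has_old_negation` and `fix_negation`, the list of handled options, and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): migrate iptables rule lines from the
# deprecated "--option ! value" negation to "! --option value".

# Assumption: only these single-argument match options are handled.
OPT='(-[sdiop]|--(source|src|destination|dst|in-interface|out-interface|protocol|sport|dport))'
# Option, then "!", then the value being negated.
OLD="(^|[[:space:]])${OPT}[[:space:]]+![[:space:]]+([^[:space:]]+)"

# Exit status 0 if stdin contains a rule still using the deprecated form.
has_old_negation() {
    grep -Eq -- "$OLD"
}

# Rewrite stdin to stdout. Lines already in the new form pass through unchanged.
fix_negation() {
    sed -E "s/${OLD}/\\1! \\2 \\4/g"
}

# Constructed sample input, modelled on the rules quoted in the thread.
SAMPLE='/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -s ! 192.168.1.0/24 -j DROP
/sbin/iptables -A INPUT -i ! lo -p ! icmp -j LOG'

# Show the rewritten rules.
printf '%s\n' "$SAMPLE" | fix_negation
```

Review the rewritten script by hand before loading it on a router: the filter changes only the position of `!`, not rule order or targets.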