Re: how can I write these Ipchains rules?

From: Marc Greene (eru@subdimension.com)
Date: 01/09/02

On 8 Jan 2002 17:17:43 -0800, ww <ww@challenger.com.cn> wrote:
>hi,
>all
>happy new year!
>
>I want to let my linux box do ip MASQ when the "-d addr" is neither
>192.168.100.0/24 nor 10.1.101.0/24. How will I write these Ipchains
>rules?

All the examples I've seen suggest having a default policy of DENY
and then allowing whatever hosts you want to specifically allow. My
rules are like:

/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i $EXTIF -s $INTLAN -j MASQ

$EXTIF is the modem (ppp0) for me, and it produces:

[~]> /sbin/ipchains -L forward
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.0.0/24 anywhere n/a
[~]>

I would imagine you're looking for the opposite, maybe something like:

/sbin/ipchains -P forward MASQ
/sbin/ipchains -A forward -i $EXTIF -s 192.168.100.0/24 -j DENY
/sbin/ipchains -A forward -i $EXTIF -s 10.1.101.0/24 -j DENY

HTH

Marc
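An added example, not from the original thread, that combines the default-DENY layout Marc uses for his own box with the destination-based exclusion (`-d`) the question asks about. The interface name, the internal LAN, and the choice to forward the two exempt destinations unmasqueraded (ACCEPT) rather than deny them are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Builds an ipchains forward
# chain that masquerades traffic from the internal LAN leaving via the
# external interface, except when the destination is one of the exempt
# networks, which are forwarded without masquerading (ACCEPT; assumption
# about what the asker wants). Everything else is dropped by the chain
# policy. Interface and network values below are placeholders.

IPCHAINS=/sbin/ipchains

# gen_forward_rules EXTIF INTLAN EXEMPT_NET...
# Prints the commands instead of running them, so the rule set can be
# reviewed (or compared with "ipchains -L forward -n") before it is applied.
gen_forward_rules() {
    extif=$1; intlan=$2; shift 2
    echo "$IPCHAINS -F forward"
    echo "$IPCHAINS -P forward DENY"
    # ipchains uses first match, so the exemptions must come before MASQ.
    # On the forward chain -i names the interface the packet will leave by.
    for net in "$@"; do
        echo "$IPCHAINS -A forward -i $extif -s $intlan -d $net -j ACCEPT"
    done
    echo "$IPCHAINS -A forward -i $extif -s $intlan -j MASQ"
}

# apply_forward_rules: same arguments; runs each generated command (root).
apply_forward_rules() {
    gen_forward_rules "$@" | while read -r cmd; do
        eval "$cmd" || { echo "failed: $cmd" >&2; return 1; }
    done
}

# Dry run with placeholder values: ppp0 as the modem, 192.168.0.0/24 as the
# LAN, and the two networks from the question as exempt destinations.
gen_forward_rules ppp0 192.168.0.0/24 192.168.100.0/24 10.1.101.0/24
```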