Re: how can I write this Ipchains rules ?? ?

From: Marc Greene (
Date: 01/09/02

From: (Marc Greene)
Date: 8 Jan 2002 19:41:50 -0600

On 8 Jan 2002 17:17:43 -0800, ww <> wrote:
>happy new year!
>I want to let my linux box do ip MASQ when the "-d addr" is neither
> nor . how will I write these Ipchains
>rules ?

All the examples I've seen suggest having a default policy of DENY
and then allowing whatever hosts you want to specifically allow. My
rules are like:

/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i $EXTIF -s $INTLAN -j MASQ

$EXTIF is the modem (ppp0) for me, and it produces:

[~]> /sbin/ipchains -L forward
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ anywhere n/a

I would imagine you're looking for the opposite, maybe something like:

/sbin/ipchains -P forward MASQ
/sbin/ipchains -A forward -i $EXTIF -s -j DENY
/sbin/ipchains -A forward -i $EXTIF -s -j DENY
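
An added example, not part of the original post: a shell function that prints (without running) forward-chain rules combining the default-DENY policy from the reply with per-destination exceptions as asked in the question. The function name `masq_except`, the LAN 10.0.0.0/24 and the RFC 5737 documentation addresses are constructed assumptions; empty or non-numeric arguments are refused so an unset variable cannot yield a rule with a missing address.

```shell
#!/bin/sh
# Added example: prints an ipchains forward-chain ruleset that masquerades
# the internal LAN except towards the listed destinations.
# All addresses used below are constructed placeholders.

IPCHAINS=/sbin/ipchains

# masq_except EXTIF INTLAN [EXCLUDED_DEST ...]
# Writes the commands to stdout; returns 1 with no output on a bad argument.
masq_except() {
    extif=$1
    intlan=$2
    if [ -z "$extif" ] || [ -z "$intlan" ]; then
        echo "masq_except: EXTIF and INTLAN must be non-empty" >&2
        return 1
    fi
    shift 2

    # Check every destination first, so that no partial ruleset is printed.
    # Only numeric addresses (digits, dots, optional /mask) are accepted.
    for dst in "$@"; do
        case $dst in
            ''|*[!0-9./]*)
                echo "masq_except: bad destination '$dst'" >&2
                return 1 ;;
        esac
    done

    # Start from an empty chain that drops anything not matched below.
    echo "$IPCHAINS -F forward"
    echo "$IPCHAINS -P forward DENY"

    # Rules are checked in order and the first match wins, so the
    # exceptions have to be appended before the general MASQ rule.
    for dst in "$@"; do
        echo "$IPCHAINS -A forward -i $extif -s $intlan -d $dst -j DENY"
    done

    echo "$IPCHAINS -A forward -i $extif -s $intlan -j MASQ"
}

# Constructed sample values (RFC 5737 documentation ranges as destinations).
masq_except ppp0 10.0.0.0/24 192.0.2.0/24 198.51.100.7
```

Review the printed commands, then pipe them to `sh` as root to apply them.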