Re: Doubts with iptables (or ipchains)
From: Pierre Asselin (pa@panix.com)
Date: 04/22/03
- Next message: James Mandy: "iptables.. class C, no nat'ing. help."
- Previous message: Huygens: "Pb. internet connection sharing (IPCop & UDP port)"
- In reply to: Kasper Dupont: "Re: Doubts with iptables (or ipchains)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Pierre Asselin <pa@panix.com> Date: Tue, 22 Apr 2003 00:57:54 +0000 (UTC)
Kasper Dupont <kasperd@daimi.au.dk> wrote:
> Carlos Moreno wrote:
>>
>> How do I state a rule that distinguishes packets
>> requesting a connection to port 80 (or 25, or
>> whatever) of the gateway box (to drop those) from
>> packets that are simply coming as a reply to a
>> communication on port 80?
> You can do that with iptables, you cannot do that
> with ipchains.
Since this is for TCP, ipchains can do it by looking at the SYN flag.
An ipchains rule with "-p tcp ! -y -j ACCEPT" will accept replies
but not connection attempts.
That said, I agree that iptables is better.
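To make concrete what the `-y` test in the rule above actually matches, here is an added example (not from this thread) that applies the same check ipchains `-y` and iptables `--syn` use, SYN set with ACK and FIN clear, to constructed TCP headers; the port list, helper names and sample headers are assumptions of the example.

```python
import struct

# TCP flag bits (low byte of the 16-bit data-offset/flags word)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def parse_tcp_header(tcp_header: bytes) -> dict:
    """Extract ports and flags from a minimal (20-byte) TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header too short")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp_header[:14])
    return {"sport": sport, "dport": dport, "flags": off_flags & 0xFF}


def is_connection_request(flags: int) -> bool:
    """Semantics of ipchains '-y' / iptables '--syn': SYN set, ACK and FIN clear."""
    return bool(flags & SYN) and not (flags & (ACK | FIN))


def classify(tcp_header: bytes, protected_ports=(80, 25)) -> str:
    """Emulate 'drop new connections to the gateway's ports, accept replies'.

    Replies to connections the gateway opened itself carry ACK, so they pass;
    a bare SYN aimed at a protected port is a connection attempt and is dropped.
    Note this is purely flag-based: the stateless check cannot tell a genuine
    reply from any other ACK-bearing segment, which is why stateful iptables
    (conntrack ESTABLISHED) is the better tool, as the message above agrees.
    """
    hdr = parse_tcp_header(tcp_header)
    if hdr["dport"] in protected_ports and is_connection_request(hdr["flags"]):
        return "DROP"
    return "ACCEPT"


def make_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header (seq, ack and checksum zeroed) for demos."""
    data_offset = 5 << 12  # header length 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       data_offset | flags, 65535, 0, 0)


if __name__ == "__main__":
    # Constructed samples: an inbound SYN to port 80 vs. the ACK-bearing reply
    # to a web request the gateway itself made.
    print(classify(make_tcp_header(40000, 80, SYN)))        # DROP
    print(classify(make_tcp_header(80, 40000, SYN | ACK)))  # ACCEPT
```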