Odd question with source based blocking
Michael Sconzo
msconzo at net.tamu.edu
Thu Aug 26 23:57:03 CEST 2004
I have a brief (hopefully) question.
I currently have a box that sits inline with a firewall setup similar
to the following:
FORWARD - Policy - DROP
* allow DNS
* allow DHCP
* allow WEB
* allow all from 192.168.1.0/24 -> BLOCKED
* allow all to 192.168.1.0/24 -> BLOCKED
BLOCKED
* Block this IP
* Block this other IP
* etc ...
I've tried setting the default policy of BLOCKED to accept, however it
doesn't seem to let traffic through that doesn't match any one of the
'block this IP' rules.
The only catch is, I remove the 'block this IP' rules from the BLOCKED
list, so it makes it hard to ensure an ALLOW rule remains at the
bottom. Any ideas on how I can do this (default allow traffic not
hitting a rule on BLOCKED to be ALLOWED)?
Thanks!
-=Mike
--
_
_ Michael J. Sconzo
_ Computing & Information Services, Texas A&M University
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
But let your communication be Yea, yea; nay, nay: for
whatsoever is more than these cometh of evil.
-- Matthew 5:37
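An added example, not part of the post above, of one way to get the behaviour the poster asks for. A user-defined chain such as BLOCKED cannot carry a policy (iptables -P only applies to built-in chains), and a packet that matches nothing in it simply returns to FORWARD, where the DROP policy discards it. Putting the fallthrough ACCEPT in FORWARD directly after each jump to BLOCKED keeps BLOCKED as a pure list of DROP rules that can be added to or emptied freely. The script generates an iptables-restore ruleset for that layout and checks its shape; the blocked hosts and port numbers are constructed sample values.

```sh
#!/bin/sh
# Generate an iptables-restore ruleset for the FORWARD/BLOCKED layout.
LAN=192.168.1.0/24
# Constructed sample hosts (TEST-NET addresses), override via environment.
BLOCKED_HOSTS="${BLOCKED_HOSTS:-203.0.113.5 198.51.100.7}"

gen_ruleset() {
    echo '*filter'
    echo ':FORWARD DROP [0:0]'
    echo ':BLOCKED - [0:0]'      # '-': user-defined chains have no policy
    # Service allows from the post (DNS, DHCP, web).
    echo '-A FORWARD -p udp --dport 53 -j ACCEPT'
    echo '-A FORWARD -p tcp --dport 53 -j ACCEPT'
    echo '-A FORWARD -p udp --dport 67:68 -j ACCEPT'
    echo '-A FORWARD -p tcp --dport 80 -j ACCEPT'
    echo '-A FORWARD -p tcp --dport 443 -j ACCEPT'
    # Consult the block list, then accept whatever returned unmatched.
    # Without the ACCEPT after each jump, the FORWARD DROP policy wins.
    echo "-A FORWARD -s $LAN -j BLOCKED"
    echo "-A FORWARD -s $LAN -j ACCEPT"
    echo "-A FORWARD -d $LAN -j BLOCKED"
    echo "-A FORWARD -d $LAN -j ACCEPT"
    # BLOCKED holds only DROP rules; order inside it no longer matters.
    for h in $BLOCKED_HOSTS; do
        echo "-A BLOCKED -s $h -j DROP"
        echo "-A BLOCKED -d $h -j DROP"
    done
    echo 'COMMIT'
}

# Shape check: every BLOCKED rule is a DROP, and an ACCEPT immediately
# follows each jump to BLOCKED. Exit status 0 when both hold.
check_ruleset() {
    gen_ruleset | awk '
        /^-A BLOCKED/ && !/-j DROP$/          { bad = 1 }
        prev ~ /-j BLOCKED$/ && !/-j ACCEPT$/ { bad = 1 }
        { prev = $0 }
        END { exit bad }'
}

# To load on the firewall (as root): gen_ruleset | iptables-restore
```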