restricting connections from a single connection to a single destination

Todd Landfried tlandfried at
Thu Aug 25 16:11:36 CEST 2005

I'm trying to protect some people from themselves and I want to set
up a rule that allows a single IP on the network to connect only to
the gateway's internal IP, thereby restricting as much as possible the
users' ability to connect to other PCs on the network. Yes, I know
about VLANs and I know about port isolation on the hardware side, and
I've tried explaining how to do it to these folks, but they're just not
getting it.

From what I have read, this should work, but it doesn't. I'm not
sure which loopback this refers to, the host or the source. Any

-A PREROUTING -i lo -p icmp -d gateway-internal-private-ip -j ACCEPT
-A PREROUTING -i lo -p tcp -d gateway-internal-private-ip -j ACCEPT
-A PREROUTING -i lo -p udp -d gateway-internal-private-ip -j ACCEPT
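
As an added example (not from the original post, and not netfilter project code), the script below prints the iptables rules I would use for this goal in place of the PREROUTING/-i lo rules above. It relies on two facts about netfilter: `-i lo` matches only packets that arrive on the gateway's own loopback interface, so a rule with `-i lo` never sees traffic from a LAN host; and the filter table has no PREROUTING chain (that chain exists in nat, mangle and raw), so the accept/drop decision belongs in INPUT for packets addressed to the gateway itself and in FORWARD for packets the gateway would route on. The addresses 192.168.1.50 and 192.168.1.1 and the interface name eth1 are assumptions for illustration. One caveat the gateway cannot fix: two PCs on the same Ethernet segment exchange frames directly and those packets never pass through the gateway, so the gateway rules only cut the restricted host off from what the gateway routes or hosts. For the same-segment case the script also prints an OUTPUT-chain rule set for the restricted PC itself, usable if that PC runs Linux; otherwise it has to be enforced on the switch or in the PC's own firewall.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands
# rather than running them, so it needs no root; pipe the output to "sh"
# on the right machine to apply. The addresses and interface name below
# are assumptions (hypothetical lab values), overridable via environment.
RESTRICTED_HOST="${RESTRICTED_HOST:-192.168.1.50}"   # the PC to confine
GATEWAY_IP="${GATEWAY_IP:-192.168.1.1}"              # gateway's internal IP
LAN_IF="${LAN_IF:-eth1}"                             # gateway's LAN interface

# Rules for the gateway's filter table. INPUT sees packets addressed to
# one of the gateway's own IPs; FORWARD sees packets it would route on.
# A rule with -i lo matches only the gateway's loopback interface, so a
# PREROUTING/-i lo rule never sees LAN traffic at all.
gateway_rules() {
    host="$1"; gw="$2"; lan="$3"
    cat <<EOF
iptables -N RESTRICT_HOST
# replies to connections the gateway itself opened toward the host
iptables -A RESTRICT_HOST -m state --state ESTABLISHED,RELATED -j ACCEPT
# the only destination the host may talk to: the gateway's internal IP
iptables -A RESTRICT_HOST -d $gw -j ACCEPT
# anything else addressed to the gateway (e.g. its WAN IP) is dropped
iptables -A RESTRICT_HOST -j DROP
# hook the chain in first, ahead of any general ACCEPT rules
iptables -I INPUT 1 -i $lan -s $host -j RESTRICT_HOST
# nothing from the host gets routed on (other subnets, the internet)
iptables -I FORWARD 1 -i $lan -s $host -j DROP
EOF
}

# Rules for the restricted PC itself (if it runs Linux). Needed because
# traffic to another PC on the same Ethernet segment never crosses the
# gateway, so the gateway rules above cannot see or drop it. Assumes the
# PC has a static address (DHCP broadcasts would be dropped as well).
host_rules() {
    gw="$1"
    cat <<EOF
iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d $gw -j ACCEPT
EOF
}

echo "# --- run on the gateway ---"
gateway_rules "$RESTRICTED_HOST" "$GATEWAY_IP" "$LAN_IF"
echo "# --- run on $RESTRICTED_HOST (Linux only) ---"
host_rules "$GATEWAY_IP"
```

To check that the gateway rules are actually matching, watch the packet counters with `iptables -L RESTRICT_HOST -v -n` and `iptables -L FORWARD -v -n` while the restricted host tries to reach something beyond the gateway; if a ping from that host to another PC on the same segment still succeeds with the FORWARD counter at zero, that is the same-segment case the gateway never sees, and only the host-side rules or switch isolation will stop it.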

