restricting connections from a single connection to a single destination

Todd Landfried tlandfried at viatornetworks.com
Thu Aug 25 16:11:36 CEST 2005


I'm trying to protect some people from themselves and I want to set  
up a rule that allows a single IP on the network to connect only to  
the gateway's internal IP, thereby restricting as much as possible  
user's ability to connect to other PCs on the network. Yes, I know  
about VLANs and I know about port isolation on the hardware side, and  
I've tried explaining how to do it to these folks, but they're just not  
getting it.

From what I have read, this should work, but it doesn't. I'm not  
sure which loopback this refers to, the host or the source. Any  
suggestions?

-A PREROUTING -i lo -p icmp -d gateway-internal-private-ip -j ACCEPT
-A PREROUTING -i lo -p tcp -d gateway-internal-private-ip -j ACCEPT
-A PREROUTING -i lo -p udp -d gateway-internal-private-ip -j ACCEPT

Thanks
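Added example (not part of the original post): a small POSIX shell script that builds the filter-table ruleset for the setup described above, with hypothetical addresses from 192.0.2.0/24 (the restricted PC and the gateway's internal IP are passed as arguments). Two facts it relies on: `-i lo` matches the loopback interface of the host evaluating the rules, i.e. the gateway itself, so a packet arriving from another PC can never match it; and PREROUTING exists only in the nat, mangle and raw tables, so ACCEPT/DROP decisions for traffic addressed to the gateway belong in INPUT, and for traffic routed through it in FORWARD, both in the filter table. The caveat a practitioner will want: packets between two PCs on the same layer-2 segment never pass through the gateway, so no rule on the gateway can stop them; these rules only confine the restricted PC to the gateway for traffic that actually reaches the gateway, and only switch port isolation or VLANs cover the rest.

```shell
#!/bin/sh
# Added example, not code from the original post. Addresses are hypothetical:
# CLIENT is the PC being restricted, GATEWAY is the gateway's internal IP.
# build_ruleset emits an iptables-restore(8) ruleset for the *filter* table;
# apply_ruleset loads it (root required). Note that iptables-restore replaces
# the whole filter table, so merge these rules into an existing ruleset by hand.

# is_ipv4 ADDR -> returns 0 for a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                       # split into octets
    IFS=$old_ifs
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1  # reject octets above 255
    done
    return 0
}

# build_ruleset CLIENT GATEWAY -> prints the ruleset on stdout, returns 1 on bad input.
build_ruleset() {
    client=$1; gateway=$2
    is_ipv4 "$client" && is_ipv4 "$gateway" || return 1
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections the gateway itself opened towards the client still work.
-A INPUT -s $client -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The restricted PC may talk to the gateway's internal address ...
-A INPUT -s $client -d $gateway -j ACCEPT
# ... but not to any other address the gateway holds.
-A INPUT -s $client -j DROP
# Nothing from the restricted PC is routed onward (other subnets, the Internet).
# Same-segment traffic to other PCs never reaches this chain, or the gateway at all.
-A FORWARD -s $client -j DROP
COMMIT
EOF
}

# apply_ruleset CLIENT GATEWAY -> loads the ruleset into the running kernel.
apply_ruleset() {
    build_ruleset "$1" "$2" | iptables-restore
}

# Usage: ./restrict.sh show CLIENT GATEWAY   (print the rules)
#        ./restrict.sh apply CLIENT GATEWAY  (load them, as root)
case "${1:-}" in
    show)  build_ruleset "$2" "$3" ;;
    apply) apply_ruleset "$2" "$3" ;;
esac
```

Run `sh restrict.sh show 192.0.2.10 192.0.2.1` first and read the output; the INPUT DROP rule is placed after the gateway ACCEPT on purpose, so order matters if you merge these lines into an existing table by hand.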



More information about the netfilter mailing list