From: Jan Humme <jan.humme@xs4all.nl>
To: Antony Stone <Antony@Soft-Solutions.co.uk>, netfilter@lists.samba.org
Subject: Re: Re: unexpected problem with DNAT
Date: Wed, 10 Jul 2002 18:53:55 +0200 [thread overview]
Message-ID: <02071018535509.04513@Lms> (raw)
In-Reply-To: <200207101555.g6AFtj813062@vulcan.rissington.net>
On Wednesday 10 July 2002 17:55, Antony Stone wrote:
> On Wednesday 10 July 2002 4:49 pm, Jan Humme wrote:
> > On Wednesday 10 July 2002 16:43, Antony Stone wrote:
> > > The mangle table might be your answer.
>
> etc...........
>
> > I don't get it: the source original addresses are only SNATted *after*
> > the FORWARD chain has already been filtered, there is no need to (ab)use
> > the mangle chain for this purpose? Or am I misunderstanding something?
> >
> > So he can directly create one rule in FORWARD chain to drop the packets;
> > but his problem seems to be that he doesn't know which IP-addresses he
> > wants to block.
>
> Ah. Okay then; in that case I misunderstood the problem and I gave an
> unhelpful solution. Sorry.
>
> If the original poster doesn't know what addresses s/he wishes to block,
> then I can't think of a netfilter rule which will help :-)
Harty-har-har.........!
But I still don't understand the reason why you would mark (or even DROP)
packages at the mangle stage, if the same source IP is still available at the
filter stage?
Please explain, you got me confused.
Jan Humme.
next prev parent reply other threads:[~2002-07-10 16:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-07-10 12:18 unexpected problem with DNAT thingstocome
2002-07-10 12:50 ` Jan Humme
2002-07-10 14:03 ` thingstocome
2002-07-10 14:26 ` Jan Humme
2002-07-10 14:43 ` Antony Stone
2002-07-10 15:49 ` Jan Humme
2002-07-10 15:55 ` Antony Stone
2002-07-10 16:53 ` Jan Humme [this message]
2002-07-10 17:42 ` Antony Stone
2002-07-10 18:15 ` Jan Humme
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=02071018535509.04513@Lms \
--to=jan.humme@xs4all.nl \
--cc=Antony@Soft-Solutions.co.uk \
--cc=netfilter@lists.samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.