[Gllug] iptables question

Adrian McMenamin adrian at mcmen.demon.co.uk
Thu May 26 12:15:39 UTC 2005


On Thu, 2005-05-26 at 13:09 +0100, Paul Cupis wrote:
> Adrian McMenamin wrote:
> > I have a wireless network. I want to leave it open for certain things
> > but close it off for people, for instance, just randomly using it to
> > browse the web. Why does
> > 
> > -A INPUT -p tcp -m tcp -i wlan0 --dport 80 -j LOG
> > -A INPUT -p tcp -m tcp -i wlan0 --dport 80 -j DROP
> > 
> > Neither log nor block the traffic. Will an iptables firewall not detect
> > traffic being routed through it rather than at it (if you see what I
> > mean)?
> 
> from iptables(8):
> 
> TABLES
>        There  are currently three independent tables (which tables are
>        present at any time depends on the kernel configuration options
>        and which modules are present).
> 
>        -t, --table table
>               This  option  specifies the packet matching table which
>               the command should operate on.  If the kernel is
>               configured with automatic module loading, an attempt will
>               be made to load the appropriate module for that table if
>               it is not already there.
> 
>               The tables are as follows:
> 
>               filter:
>                   This is the default table (if no -t option is
>                   passed).   It contains  the built-in chains INPUT (for
>                   packets coming into the box itself), FORWARD (for
>                   packets being routed  through the box), and OUTPUT
>                   (for locally-generated packets).
> 
> I think you'll want to use the FORWARD tables, not the INPUT table.

Ah, of course!

Thanks - I'd only ever thought of the FORWARD table in terms of port
forwarding services from inside my network to the outside world, but now
you've said that it all makes sense.


> 
> Regards,
> 
> Paul Cupis
> -- 
> paul at cupis.co.uk
> 
-- 
Adrian McMenamin <adrian at mcmen.demon.co.uk>
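
The routing decision discussed in this thread, as an added example that is not part of the original messages: a small model of which filter-table chain a packet arriving on wlan0 traverses, run against the two rules from the post and against the same rules moved to FORWARD. The gateway address 192.168.1.1, the destination 203.0.113.10 and all function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the two rules from the post, and the same rules moved to FORWARD.
RULES_INPUT = """\
-A INPUT -p tcp -m tcp -i wlan0 --dport 80 -j LOG
-A INPUT -p tcp -m tcp -i wlan0 --dport 80 -j DROP
"""
RULES_FORWARD = RULES_INPUT.replace("-A INPUT", "-A FORWARD")
LOCAL_ADDRS = {"192.168.1.1"}  # assumed address of the gateway itself
MATCH_KEYS = {"-i": "in_if", "-p": "proto", "--dport": "dport"}
TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # LOG records the packet and continues


def parse_rules(text):
    """Parse iptables-save style '-A CHAIN ...' lines into dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or "-j" not in tok:
            continue
        opts = tok[2:]
        rule = {"chain": tok[1], "target": opts[opts.index("-j") + 1], "match": {}}
        for flag, key in MATCH_KEYS.items():
            if flag in opts:
                rule["match"][key] = opts[opts.index(flag) + 1]
        rules.append(rule)
    return rules


def chain_for(dst_ip, local_addrs=LOCAL_ADDRS):
    """INPUT if the packet is addressed to the box itself, otherwise FORWARD.
    Simplification: ignores NAT, which can rewrite the destination before routing."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    return "INPUT" if ipaddress.ip_address(dst_ip) in local else "FORWARD"


def verdict(rules, pkt):
    """Return (chain traversed, targets hit in order); [] means chain policy applies."""
    chain = chain_for(pkt["dst"])
    hits = []
    for r in rules:
        if r["chain"] == chain and all(str(pkt.get(k)) == v for k, v in r["match"].items()):
            hits.append(r["target"])
            if r["target"] in TERMINATING:
                break
    return chain, hits


WEB = {"in_if": "wlan0", "proto": "tcp", "dst": "203.0.113.10", "dport": 80}  # routed packet
print(verdict(parse_rules(RULES_INPUT), WEB))    # INPUT rules are never consulted
print(verdict(parse_rules(RULES_FORWARD), WEB))  # FORWARD rules log, then drop
```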