[Gllug] iptables question
Paul Cupis
paul at cupis.co.uk
Thu May 26 12:09:59 UTC 2005
Adrian McMenamin wrote:
> I have a wireless network. I want to leave it open for certain things
> but close it off for people, for instance, just randomly using it to
> browse the web. Why does
>
> -A INPUT -p tcp -m tcp -i wlan0 --dport 80 -j LOG
> -A INPUT -p tcp -m tcp -i wlan0 --dport 80 -j DROP
>
> Neither log nor block the traffic. Will an iptables firewall not detect
> traffic being routed through it rather than at it (if you see what I
> mean)?
from iptables(8):
TABLES
    There are currently three independent tables (which tables are
    present at any time depends on the kernel configuration options
    and which modules are present).

    -t, --table table
        This option specifies the packet matching table which
        the command should operate on. If the kernel is
        configured with automatic module loading, an attempt will
        be made to load the appropriate module for that table if
        it is not already there.

        The tables are as follows:

        filter:
            This is the default table (if no -t option is
            passed). It contains the built-in chains INPUT (for
            packets coming into the box itself), FORWARD (for
            packets being routed through the box), and OUTPUT
            (for locally-generated packets).

I think you'll want to use the FORWARD tables, not the INPUT table.
Regards,
Paul Cupis
--
paul at cupis.co.uk
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
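
A check for the mistake discussed in this thread, as an added example that is not part of the original post: the shell function below reads rules in iptables-save format and reports any interface/protocol/port that is dropped in INPUT but has no matching DROP or REJECT in FORWARD. The function names and the sample ruleset are constructed for illustration, and matching is by exact -i/-p/--dport values only.

```shell
#!/bin/sh
# Added example (not from the original post). Reads iptables-save style rules
# on stdin and reports every interface/protocol/port that is DROPped or
# REJECTed in the filter table's INPUT chain with no matching rule in FORWARD,
# meaning traffic routed through the box is still unfiltered.
# Limitation: matches exact -i/-p/--dport values; negation and port ranges
# are not interpreted.
check_forward_coverage() {
    awk '
    function opt(name,    i) {      # value following an option, "" if absent
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    BEGIN { table = "filter" }      # iptables default when no table is named
    substr($1, 1, 1) == "*" { table = substr($1, 2); next }
    $1 == "-A" && table == "filter" {
        target = opt("-j")
        if (target != "DROP" && target != "REJECT") next
        key = opt("-i") " " opt("-p") " " opt("--dport")
        if ($2 == "INPUT")   input[key] = 1
        if ($2 == "FORWARD") forward[key] = 1
    }
    END {
        for (k in input)
            if (!(k in forward)) print "routed traffic not filtered: " k
    }' | sort
}

# Constructed sample: the two rules from the question, plus a port 25 rule
# that is present in both chains.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i wlan0 -p tcp -m tcp --dport 80 -j LOG
-A INPUT -i wlan0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -i wlan0 -p tcp -m tcp --dport 25 -j DROP
-A FORWARD -i wlan0 -p tcp -m tcp --dport 25 -j DROP
COMMIT
EOF
}

sample_rules | check_forward_coverage
```

On a live system the same function can be fed the running ruleset, for example `iptables-save | check_forward_coverage`.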