[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: [suse-security] Unwanted routing between subnets



of course you can protect your nets, I suggest following rules :

iptables -A INPUT -i eth0 -s 192.168.0.0/16 -d $LOCAL-IP -j ACCEPT
iptables -A INPUT -i eth0 -s 172.16.0.0/16 -d $LOCAL-IP -j ACCEPT

guessing the default policy is drop for input ...

cu
bruno

holger.schletz@xxxxxx schrieb am 10.09.2003 11:03:37:

> Thanks, that helped.
> 
> I tried this before, but only on the INPUT chain. Too busy to see the 
obvious 
> :-]
> 
> However, adding a ruleset for the INPUT chain is still necessary to 
protect 
> the interfaces on the router itself, as these are not handled by the 
FORWARD 
> chain.
> 
> Bye,
> Holger
> 
> Am Dienstag, 9. September 2003 08:40 schrieb BLeonhardt@xxxxxxxxxxx:
> > Hi,
> >
> > a rule like
> >
> > iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -d 172.16.0.0/16 -j DROP
> > iptables -A FORWARD -i eth0 -s 172.16.0.0/16 -d 192.168.0.0/16  -j 
DROP
> >
> > wouldn't work ?
> >
> > Mit freundlichen Grüßen / Best regards
> > Bruno Leonhardt
> >
> > LPI Level 1 Certified
> > Watchguard Certified System Professional
> > CLP Domino R5 Systemadministrator
> 
> 
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
> 
> 

-- 
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte 
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail 
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und 
vernichten Sie diese E-Mail und deren Anhänge. Das unerlaubte Kopieren, 
die unberechtigte Veröffentlichung sowie die unbefugte Weitergabe dieser 
E-Mail oder des Inhalts ist nicht gestattet.

This e-mail is confidential and may also be legally privileged. If you are 
not the indended recipient or have received this messge in error, please 
notify the sender immediately and delete this message and any 
attachements. Any unauthorized copying, disclosure or circulation of the 
message or the contents of this message is strictly prohibited.

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here