
Re: [suse-security] Unwanted routing between subnets



> -----Original Message-----
> From: Holger Schletz [mailto:h.schletz@xxxxxxxxx]
> Sent: Wednesday, September 10, 2003 11:04 AM
> 
> Thanks, that helped.
> 
> I tried this before, but only on the INPUT chain. Too busy to see the
> obvious :-]
> 
> However, adding a ruleset for the INPUT chain is still necessary to
> protect the interfaces on the router itself, as these are not handled
> by the FORWARD chain.

since the INPUT chain is only responsible for packets
destined to local services on your router, there should
be no packet that matches 

> iptables -A INPUT -i eth0 -s 192.168.0.0/16 -d 172.16.0.0/16 -j DROP
> iptables -A INPUT -i eth0 -s 172.16.0.0/16 -d 192.168.0.0/16  -j DROP

if I really understood you right and you wanted to block
the packets like that. 

this behaviour changed between ipchains and iptables.

> Bye,
> Holger

marc
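
Added example, not part of the original messages: a simplified Python model of the iptables routing decision, showing which chain each packet traverses and whether the two quoted DROP rules are ever consulted when appended to INPUT versus FORWARD. The router addresses 192.168.0.1 and 172.16.0.1, the ACCEPT chain policies and the sample packets are assumptions; NAT and locally generated traffic are left out.

```python
import ipaddress

# Assumed addresses of the router's own interfaces (not given in the thread).
ROUTER_ADDRS = {ipaddress.ip_address("192.168.0.1"),
                ipaddress.ip_address("172.16.0.1")}

# The two DROP rules quoted in the thread: (in-interface, -s network, -d network).
DROP_RULES = [
    ("eth0", "192.168.0.0/16", "172.16.0.0/16"),
    ("eth0", "172.16.0.0/16", "192.168.0.0/16"),
]

def chain_for(dst):
    """Routing decision: packets for a local address go to INPUT, the rest to FORWARD."""
    return "INPUT" if ipaddress.ip_address(dst) in ROUTER_ADDRS else "FORWARD"

def rule_matches(rule, in_iface, src, dst):
    """True if the packet satisfies the rule's -i, -s and -d criteria."""
    iface, src_net, dst_net = rule
    return (in_iface == iface
            and ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net))

def verdict(rules_chain, in_iface, src, dst):
    """Chain traversed and verdict when DROP_RULES sit in rules_chain.

    Assumes every chain policy is ACCEPT and no other rules exist.
    """
    chain = chain_for(dst)
    hit = any(rule_matches(r, in_iface, src, dst) for r in DROP_RULES)
    return chain, "DROP" if chain == rules_chain and hit else "ACCEPT"

# Constructed sample packets: (in-interface, source, destination).
PACKETS = [
    ("eth0", "192.168.1.10", "172.16.5.20"),  # transit traffic between the subnets
    ("eth0", "192.168.1.10", "172.16.0.1"),   # addressed to the router itself
    ("eth0", "192.168.1.10", "192.168.0.1"),  # router address in the sender's subnet
]

if __name__ == "__main__":
    for rules_chain in ("INPUT", "FORWARD"):
        print(f"rules appended to {rules_chain}:")
        for pkt in PACKETS:
            chain, result = verdict(rules_chain, *pkt)
            print(f"  {pkt[1]} -> {pkt[2]}: traverses {chain}, {result}")
```

In this model the transit packet is dropped only when the rules are in FORWARD; with the rules in INPUT they are consulted only for packets addressed to one of the router's own addresses.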
