[Firestarter-user] Re: How to block all traffic from certain external hosts

[Julian T. <ju...@ne...>]

Hi Don,

The Chain you are looking for is the FORWARD and not INPUT.

INPUT = Incoming packet destine for the firewall
OUTPUT = Packets originating at the firewall
FORWARD = Going to another address passing through the firewall.

See "RE: does firestarter run with iptables as it's engine? 2nd request"  By 
me for a more detailed explanation.

Hope that helps

Julian

----- Original Message ----- 
From: "Don Silvia" <don...@gm...>
Newsgroups: gmane.comp.security.firewalls.firestarter.user
Sent: Thursday, May 04, 2006 11:18 AM
Subject: How to block all traffic from certain external hosts


How can I block all traffic from specific external hosts when they hit
a port that is forwarded to an internal host?  I tried adding
something like this to user-pre:

 $IPT -A INPUT -s 1.2.3.4/19 -j LOG --log-prefix "[dropping] "
 $IPT -A INPUT -s 1.2.3.4/19 -j DROP

and in /etc/firestarter/inbound/forward I have

 HTTP, 80, 10.0.0.2, 80,

but what I'm seeing is that the log message is written but the request
still gets through.  Is there anything else I need to add to user-pre?

Thanks,

--
Don


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job 
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=k&kid0709&bid&3057&dat1642