| To: | netfilter@lists.netfilter.org |
|---|---|
| Subject: | Dropping all SYN |
| From: | Julian Hagenauer <chaosbringer@gmx.de> |
| Date: | Tue, 27 Mar 2007 15:15:21 +0200 |

Hi,

this may be a simple question. I have a Xen domain which is acting as a server. For some experiments I want every attempt to connect to a service on this server to be blocked, but none of the existing connections to be affected.

So, the IP of the server is 192.168.1.4 and the interface on dom0 is vif1.0. Dom0 acts as an ARP proxy. Would 'iptables -A FORWARD -d 192.168.1.4 -o vif1.0 -p tcp --syn -j DROP' be enough? It's crucial for me, so I have to be sure that the syntax is correct.

Thanks,
Julian
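
As an added illustration (not part of the original post), this Python sketch models which packets the `-d 192.168.1.4 -p tcp --syn` part of the rule selects, using the iptables man page definition of `--syn` as `--tcp-flags SYN,RST,ACK,FIN SYN`. The `-o vif1.0` match is assumed to hold, and the client address, ports and packets are constructed samples.

```python
import socket
import struct

# TCP flag bits (byte 13 of the TCP header)
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
# --syn is documented as equivalent to: --tcp-flags SYN,RST,ACK,FIN SYN
SYN_MASK, SYN_COMP = SYN | RST | ACK | FIN, SYN

def build_packet(src, dst, flags, proto=6):
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP-shaped header (checksums 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    l4 = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + l4

def rule_drops(packet, dst="192.168.1.4"):
    """Model of '-d <dst> -p tcp --syn -j DROP'; the -o vif1.0 match is assumed true."""
    ihl = (packet[0] & 0x0F) * 4               # IPv4 header length in bytes
    if packet[9] != 6:                         # -p tcp
        return False
    if socket.inet_ntoa(packet[16:20]) != dst: # -d 192.168.1.4
        return False
    flags = packet[ihl + 13]
    return (flags & SYN_MASK) == SYN_COMP      # --syn

def verdicts():
    client, server = "192.168.1.50", "192.168.1.4"  # client address is made up
    samples = {
        "new connection SYN to server": build_packet(client, server, SYN),
        "ACK on established connection": build_packet(client, server, ACK),
        "FIN/ACK closing a connection": build_packet(client, server, FIN | ACK),
        "RST to server": build_packet(client, server, RST),
        "SYN/ACK reply to server's own outbound connect": build_packet(client, server, SYN | ACK),
        "SYN from server outward": build_packet(server, client, SYN),
        "non-TCP (UDP) packet to server": build_packet(client, server, 0, proto=17),
    }
    return {name: rule_drops(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, dropped in verdicts().items():
        print(f"{'DROP' if dropped else 'pass':4}  {name}")
```

Only the bare SYN addressed to 192.168.1.4 matches; segments of connections that are already established, and replies to connections the server itself opens, do not.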