Rules to block traffic from an interface to a netblock

To: netfilter@lists.netfilter.org
Subject: Rules to block traffic from an interface to a netblock
From: trellmor@freewlan.info
Date: Wed, 23 May 2007 11:22:16 +0200 (CEST)
Hello!

I tried to create a rule to block all traffic from an interface (ath1) to
a netblock (192.168.0.0/16).
The device is a WLAN router and the ath1 interface is unencrypted,
allowing visitors to log in. But I want to restrict access to my private
LAN (192.168.0.0/16). The router performs NAT between the ath1 and the
ath0. So forwarded packets need to reach the next hop (192.168.0.1),
allowing visitors to access the internet. The router itself (and other
interfaces on the router) should still be able to reach 192.168.0.0/16.

I tried to come up with a rule for that, but my solutions don't seem
to work. I hope someone can give me a solution for this problem, or at
least an idea how to solve it.

-- Yours truly
Daniel Triendl
trellmor@freewlan.info
http://dani.tac-ops.net
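
One way to express the policy described in the message above, as an added example that is not part of the original post or of any reply to it. The interface and netblock are the ones named in the message; the chain name `GUEST_ISOLATE` and the optional `GUEST_DNS` exception (for the case where visitors are handed a resolver inside the private LAN) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Interface and netblock are the
# ones named in the post; GUEST_DNS and the chain name are assumptions.
GUEST_IF="${GUEST_IF:-ath1}"
PRIVATE_NET="${PRIVATE_NET:-192.168.0.0/16}"
GUEST_DNS="${GUEST_DNS:-}"      # optional: resolver inside PRIVATE_NET that guests may query
CHAIN="GUEST_ISOLATE"           # hypothetical chain name

# Print the iptables commands, one per line, without running anything.
guest_isolation_rules() {
    # Create the chain, or empty it if it already exists (keeps re-runs idempotent).
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    if [ -n "$GUEST_DNS" ]; then
        # Exception must precede the DROP: RETURN hands the packet back to FORWARD.
        echo "iptables -A $CHAIN -d $GUEST_DNS -p udp --dport 53 -j RETURN"
        echo "iptables -A $CHAIN -d $GUEST_DNS -p tcp --dport 53 -j RETURN"
    fi
    # Internet-bound packets carry the remote address as destination, not the
    # next hop 192.168.0.1, so this only matches packets addressed to the LAN.
    echo "iptables -A $CHAIN -d $PRIVATE_NET -j DROP"
    # Hook into FORWARD only: the router's own traffic uses INPUT/OUTPUT and
    # other interfaces do not match -i, so both are left untouched.
    echo "iptables -C FORWARD -i $GUEST_IF -j $CHAIN 2>/dev/null || iptables -I FORWARD 1 -i $GUEST_IF -j $CHAIN"
}

# Default: dry run. "apply" (as root) executes the printed commands.
case "${1:-print}" in
    apply) guest_isolation_rules | sh -e ;;
    print) guest_isolation_rules ;;
    *) echo "usage: $0 [print|apply]" >&2 ;;
esac
```

The filter FORWARD chain is traversed before the nat POSTROUTING chain, so the `-i ath1` match sees the visitor's packet before the source address is rewritten.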