NetFilter

Re: Rules to block traffic from an interface to a netblock

To: trellmor@freewlan.info
Subject: Re: Rules to block traffic from an interface to a netblock
From: Jan Engelhardt <jengelh@linux01.gwdg.de>
Date: Thu, 24 May 2007 18:37:50 +0200 (MEST)
Cc: netfilter@lists.netfilter.org
On May 23 2007 11:22, trellmor@freewlan.info wrote:
>
>Hello!
>
>I tried to create a rule to block all traffic from an interface (ath1) to
>a netblock (192.168.0.0/16).

-i ath1 -d 192.168.0.0/16 ...

>The device is a WLAN router and the ath1 interface is unencrypted,
>allowing visitors to log in. But I want to restrict access to my private
>LAN (192.168.0.0/16). The router performs NAT between the ath1 and the
>ath0. So forwarded packets need to reach the next hop (192.168.0.1),
>allowing visitors to access the internet. The router itself (and other
>interfaces on the router) should still be able to reach 192.168.0.0/16.
>
>I tried to come up with a rule for that, but my solutions don't seem
>to work. I hope anyone can give me a solution for this problem, or at
>least an idea how to solve it.


        Jan
-- 
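
The match from the reply above, written out as complete rules in an added example that is not part of the original thread. It assumes the visitor subnet behind ath1 lies outside 192.168.0.0/16 and that the forwarding and NAT rules already exist; the INPUT rule, the function names and the GUEST_IF, LAN_NET and APPLY variables are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the commands.
# Assumption: the visitor subnet on GUEST_IF is outside LAN_NET; if it is
# inside, the INPUT rule below also cuts visitors off from the router itself.
GUEST_IF="${GUEST_IF:-ath1}"          # unencrypted visitor interface (from the post)
LAN_NET="${LAN_NET:-192.168.0.0/16}"  # private netblock to protect (from the post)

# Emit one rule per line as "<chain> <match and target>".
guest_rule_specs() {
    # Routed packets traverse FORWARD carrying their final destination address.
    # Internet-bound packets handed to the next hop 192.168.0.1 keep the remote
    # host's address in the IP header, so -d $LAN_NET does not match them.
    printf 'FORWARD -i %s -d %s -j DROP\n' "$1" "$2"
    # Packets addressed to one of the router's own LAN-side addresses are
    # delivered locally and traverse INPUT, not FORWARD (added assumption:
    # visitors should not reach those addresses either).
    printf 'INPUT -i %s -d %s -j DROP\n' "$1" "$2"
    # Neither rule matches traffic the router originates (OUTPUT chain) or
    # traffic arriving on other interfaces, so those still reach the LAN.
}

# Print the commands, or with APPLY=1 insert each rule at the top of its
# chain unless an identical rule is already present (iptables -C).
install_guest_rules() {
    guest_rule_specs "$GUEST_IF" "$LAN_NET" | while read -r chain spec; do
        if [ "${APPLY:-0}" != 1 ]; then
            echo "iptables -I $chain 1 $spec"
        # $spec is left unquoted on purpose so it splits into arguments.
        elif ! iptables -C "$chain" $spec 2>/dev/null; then
            iptables -I "$chain" 1 $spec
        fi
    done
}

install_guest_rules
```

Inserting at position 1 puts the DROP ahead of any existing ACCEPT for forwarded visitor traffic, which matters because the first matching rule in a chain decides the packet.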

