[lug] (another) iptables question

John Hernandez jph at jph.net
Mon Oct 8 13:19:51 MDT 2007


On 10/8/07, Nick Golder <nrg at nirgo.net> wrote:
>
> I am trying to set up a rule which drops packets between two interfaces -
> eth1 and tun0 (an openvpn tunnel device) using iptables.
>
> The rule I am trying to use is:
> iptables -I FORWARD -i eth1 -o tun0 -j DROP
> iptables -I FORWARD -i tun0 -o eth1 -j DROP
I could be wrong, but from a technical standpoint, I don't think tun0 will
ever match on -i or -o because it's never the first ingress or final egress
interface.  Does that make sense?

A better approach might be:

-i eth1 -d <tun0_net>
-o eth1 -s <tun0_net>

-John
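The subnet-based variant John suggests, written out as an idempotent script. This is an added example, not code from the thread; the interface name and the tunnel subnet are assumed placeholders, and the rules are only installed when run as root with `--apply`.

```shell
#!/bin/sh
# Added example: John's subnet-based FORWARD drop rules as a re-runnable script.
# LAN_IF and VPN_NET are assumed placeholders, not values from the thread.
set -eu

LAN_IF="${LAN_IF:-eth1}"            # LAN-side interface (assumed)
VPN_NET="${VPN_NET:-10.8.0.0/24}"   # subnet routed over the tun0 tunnel (assumed)

# Emit one iptables rule spec per line for the two directions:
# LAN -> tunnel subnet, and tunnel subnet -> LAN.
build_rules() {
    lan_if="$1"
    vpn_net="$2"
    printf 'FORWARD -i %s -d %s -j DROP\n' "$lan_if" "$vpn_net"
    printf 'FORWARD -o %s -s %s -j DROP\n' "$lan_if" "$vpn_net"
}

# Insert each rule only if it is not already present: iptables -C exits
# non-zero when no matching rule exists, so re-running the script is safe.
apply_rules() {
    build_rules "$1" "$2" | while IFS= read -r spec; do
        # shellcheck disable=SC2086  # word-splitting the spec is intended
        if iptables -C $spec 2>/dev/null; then
            echo "present:  $spec"
        else
            iptables -I $spec
            echo "inserted: $spec"
        fi
    done
}

# Touch the live firewall only when asked to and when running as root;
# otherwise just print the rules that would be installed.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    apply_rules "$LAN_IF" "$VPN_NET"
else
    build_rules "$LAN_IF" "$VPN_NET"
fi
```

After applying, `iptables -L FORWARD -v -n` shows the packet counters on the two rules, which is the quickest way to confirm they are actually matching.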