[nos-bbs] iptables and jnos question

Michael Fox - N6MEF n6mef at mefox.org
Fri Jul 24 15:45:37 EDT 2015


Jerome,

If you filter the input table, then the packet is still in the encapsulated state.  You're looking at the tunnel addresses.
You can filter on the forwarding table, on the tunnel between linux and jnos.  At that point, the packet has been decapsulated and the original IP is the source address.

Michael
N6MEF


Sent from my Verizon Wireless 4G LTE smartphone

-------- Original message --------
From: jerome schatten <romers at shaw.ca> 
Date: 07/24/2015  9:06 AM  (GMT-08:00) 
To: nos-bbs <nos-bbs at tapr.org> 
Subject: [nos-bbs] iptables and jnos question 

Hi...

I have been trying to construct a firewall rule to filter on the 44 
address of an ipip encapsulated packet rather than the 'carrier 
address'. I've tried all sorts of variations of:

iptables -A FORWARD -i tun0 -s 44.x.x.x -j DROP

at the beginning of the forward chain with no success. I'm beginning to 
get the feeling that it may not be possible to filter on the 
encapsulated ip.

Thanks for any suggestions,
jerome - ve7ass
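
The point made in the reply above, shown as an added example that is not part of the original thread: a source-address match compares against the outer (carrier) header while the packet is still IPIP-encapsulated, and against the inner 44-net header once it has been decapsulated. The packet bytes, the carrier addresses (documentation ranges), the address 44.0.0.1, and all function names are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4

def build_ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (no options; checksum left 0, not verified here)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload

def parse_ipv4(packet):
    """Return (src, dst, proto, payload) of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9], packet[ihl:total_len]

def source_seen(packet, stage):
    """Source address a '-s' match is compared against at the given stage."""
    if stage not in ("encapsulated", "decapsulated"):
        raise ValueError("unknown stage")
    src, _dst, proto, payload = parse_ipv4(packet)
    if stage == "encapsulated":
        return src                      # outer header: tunnel endpoint address
    if proto != IPPROTO_IPIP:
        raise ValueError("outer packet is not IPIP")
    return parse_ipv4(payload)[0]       # inner header: original sender

def rule_matches(packet, stage, network):
    """Would a source match on 'network' hit this packet at this stage?"""
    seen = ipaddress.ip_address(source_seen(packet, stage))
    return seen in ipaddress.ip_network(network)

# Constructed sample: ICMP from 44.0.0.1 carried inside IPIP between two carrier hosts.
INNER = build_ipv4("44.0.0.1", "44.0.0.2", 1, b"\x08\x00\x00\x00")
SAMPLE = build_ipv4("192.0.2.10", "198.51.100.20", IPPROTO_IPIP, INNER)

if __name__ == "__main__":
    for stage in ("encapsulated", "decapsulated"):
        print(stage, source_seen(SAMPLE, stage),
              rule_matches(SAMPLE, stage, "44.0.0.0/8"))
```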

