[nos-bbs] iptables and jnos question
Michael Fox - N6MEF
n6mef at mefox.org
Fri Jul 24 15:45:37 EDT 2015
Jerome,
If you filter the input table, then the packet is still in the encapsulated state. You're looking at the tunnel addresses.
You can filter on the forwarding table, on the tunnel between linux and jnos. At that point, the packet has been decapsulated and the original IP is the source address.
Michael
N6MEF
Sent from my Verizon Wireless 4G LTE smartphone
-------- Original message --------
From: jerome schatten <romers at shaw.ca>
Date: 07/24/2015 9:06 AM (GMT-08:00)
To: nos-bbs <nos-bbs at tapr.org>
Subject: [nos-bbs] iptables and jnos question
Hi...
I have been trying to construct a firewall rule to filter on the 44
address of an ipip encapsulated packet rather than the 'carrier
address'. I've tried all sorts of variations of:
iptables -A FORWARD -i tun0 -s 44.x.x.x -j DROP
at the beginning of the forward chain with no success. I'm beginning to
get the feeling that it may not be possible to filter on the
encapsulated ip.
Thanks for any suggestions,
jerome - ve7ass
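The distinction drawn in the reply above, as an added example that is not part of the original thread: a source match is compared against the outer (carrier) header while the packet is still encapsulated, and against the inner header once it has been decapsulated onto the tunnel. All addresses, the 44.0.0.0/8 block range and the function names are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IP-in-IP encapsulation, the "ipip" of the thread

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_ipv4(data):
    """Return (src, dst, proto, payload) for the IPv4 header at the front."""
    if len(data) < 20 or data[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (data[0] & 0x0F) * 4
    if ihl < 20 or len(data) < ihl:
        raise ValueError("bad header length")
    src = str(ipaddress.IPv4Address(data[12:16]))
    dst = str(ipaddress.IPv4Address(data[16:20]))
    return src, dst, data[9], data[ihl:]

def source_seen(packet, stage):
    """Address a source match is compared against.
    'encapsulated': the packet as it arrives from the carrier network.
    'decapsulated': the same packet after the outer header is stripped."""
    src, _dst, proto, payload = parse_ipv4(packet)
    if stage == "encapsulated":
        return src
    if proto != IPPROTO_IPIP:
        raise ValueError("no inner packet to decapsulate")
    return parse_ipv4(payload)[0]

def would_drop(packet, stage, blocked_net):
    """True if a '-s blocked_net -j DROP' style rule would match."""
    seen = ipaddress.ip_address(source_seen(packet, stage))
    return seen in ipaddress.ip_network(blocked_net)

# Constructed sample: an 8-byte ICMP payload from a 44-net host, wrapped in
# an outer header that carries documentation-range carrier addresses.
INNER = ipv4_header("44.128.0.5", "44.128.0.9", 1, 8) + b"\x08\x00" + b"\x00" * 6
OUTER = ipv4_header("203.0.113.10", "198.51.100.20", IPPROTO_IPIP, len(INNER)) + INNER

if __name__ == "__main__":
    for stage in ("encapsulated", "decapsulated"):
        print(stage, source_seen(OUTER, stage),
              "DROP" if would_drop(OUTER, stage, "44.0.0.0/8") else "no match")
```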