Hi Tom & Co.

If I have a policy set to ACCEPT from loc to net and I want to stop, say, a Windows machine on the LAN burbling away to Microsoft, which is the preferred way?

Add an entry to rules, i.e.

DROP loc:192.168.0.13 net udp 528 -

or add an entry to common.def, something like

run_iptables -A common -p udp --dport 528 -m state --state NEW -j DROP

The port 528 is just fictitious until I spot the destination port and protocol.

Thanks
Richard
On Tue, 2003-09-30 at 02:05, Richard Bown wrote:
> Hi Tom & Co.
>
> If I have a policy set to ACCEPT from loc to net
> and I want to stop, say, a Windows machine on the LAN burbling away to
> Microsoft, which is the preferred way?
>
> Add an entry to rules
> i.e.
> DROP loc:192.168.0.13 net udp 528 -
>
> or add an entry to common.def
> something like
>
> run_iptables -A common -p udp --dport 528 -m state --state NEW -j DROP
>
> The port 528 is just fictitious until I spot the destination port and
> protocol.
>

I prefer the first approach.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
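Added example, not from the thread or from Shorewall itself: a small POSIX shell helper for the "spot the destination port and protocol" step, which tallies the PROTO/DPT pairs a LAN host is logged sending and prints the rules-file line for the first approach Tom prefers. The log lines are constructed for the example (192.168.0.13 is taken from the thread, the destination addresses are made up) and the Shorewall log prefix is assumed to be "Shorewall:loc2net:LOG:".

```shell
#!/bin/sh
# Constructed sample of kernel LOG lines as a Shorewall LOG rule would write
# them; made up for this example, not captured from a real firewall.
SAMPLE_LOG='Sep 30 10:01:02 fw kernel: Shorewall:loc2net:LOG:IN=eth1 OUT=eth0 SRC=192.168.0.13 DST=198.51.100.10 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 30 10:01:05 fw kernel: Shorewall:loc2net:LOG:IN=eth1 OUT=eth0 SRC=192.168.0.13 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=1042 DPT=80 WINDOW=65535
Sep 30 10:01:07 fw kernel: Shorewall:loc2net:LOG:IN=eth1 OUT=eth0 SRC=192.168.0.13 DST=198.51.100.10 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 30 10:01:09 fw kernel: Shorewall:loc2net:LOG:IN=eth1 OUT=eth0 SRC=192.168.0.20 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=1100 DPT=443'

# spot_ports <lan-ip> [logfile]
# Prints "count proto dport" lines for the given source host, busiest first.
# Reads SAMPLE_LOG when no logfile is given.
spot_ports() {
    host="$1"; file="$2"
    { if [ -n "$file" ]; then cat -- "$file"; else printf '%s\n' "$SAMPLE_LOG"; fi; } |
    awk -v host="$host" '
        /Shorewall:/ {
            src = ""; proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC")   src   = kv[2]
                if (kv[1] == "PROTO") proto = tolower(kv[2])
                if (kv[1] == "DPT")   dpt   = kv[2]
            }
            # Only count packets from the host we are investigating.
            if (src == host && proto != "" && dpt != "") count[proto " " dpt]++
        }
        END { for (k in count) print count[k], k }' | sort -rn
}

# rules_line <lan-ip> <proto> <dport>
# Shorewall rules-file columns: ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT
rules_line() {
    printf 'DROP loc:%s net %s %s -\n' "$1" "$2" "$3"
}

# top_rule <lan-ip> [logfile]
# Builds the rules line for the most frequently logged proto/port pair.
top_rule() {
    spot_ports "$1" "$2" | head -n 1 |
    { read -r n proto dpt; rules_line "$1" "$proto" "$dpt"; }
}

# Stand-alone run: show the tally, then the suggested rules entry.
if [ "${0##*/}" != "sh" ] && [ -z "$SHOREWALL_EXAMPLE_NO_MAIN" ]; then
    spot_ports 192.168.0.13
    top_rule 192.168.0.13
fi
```

The rules line goes in /etc/shorewall/rules; the LOG rule that produces the input is a separate entry in the same file and can be removed once the DROP is in place.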
Thanks Tom

On Tue, 2003-09-30 at 15:05, Tom Eastep wrote:
> On Tue, 2003-09-30 at 02:05, Richard Bown wrote:
> > Hi Tom & Co.
> >
> > If I have a policy set to ACCEPT from loc to net
> > and I want to stop, say, a Windows machine on the LAN burbling away to
> > Microsoft, which is the preferred way?
> >
> > Add an entry to rules
> > i.e.
> > DROP loc:192.168.0.13 net udp 528 -
> >
> > or add an entry to common.def
> > something like
> >
> > run_iptables -A common -p udp --dport 528 -m state --state NEW -j DROP
> >
> > The port 528 is just fictitious until I spot the destination port and
> > protocol.
> >
>
> I prefer the first approach.
>
> -Tom
--
Richard Bown <richard.bown@blueyonder.co.uk>