I''ve added a REDIRECT-target that does for REDIRECT what DNAT-does for DNAT. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
The ''shorewall'' script in the \Shorewall CVS project allows a list of addresses in the ORIGINAL DEST column of a REDIRECT or DNAT rule. If the list begins with "!'' then the rule will only apply if the destination address in the connection request does not match any of the listed addresses. Both host and network addresses may be included. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On Sat, 31 May 2003 08:31:00 -0700, Tom Eastep <teastep@shorewall.net> wrote:> The ''shorewall'' script in the \Shorewall CVS project allows a list of > addresses in the ORIGINAL DEST column of a REDIRECT or DNAT rule. If the > list begins with "!'' then the rule will only apply if the destination > address in the connection request does not match any of the listed > addresses. Both host and network addresses may be included. >I meant to say the ''firewall'' script -- install in /usr/share/shorewall/firewall. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net