Have a question about the blacklist option. The manual says:

    When a packet arrives on an interface that has the 'blacklist' option
    specified, its source IP address is checked against this file and disposed of

This is fine for any local IPs that you want to deny access to the net or part of it. But what if I want to allow access to all of the internet except for a few IP addresses as a destination?

Is there a way to put it 'in reverse' and filter on destination IP as well, regardless of the source IP?

Remco

--On Thursday, November 21, 2002 07:33:10 AM +0100 Remco Barendse <shorewall@barendse.to> wrote:

> Is there a way to put it 'in reverse' and filter on destination IP as
> well, regardless of the source IP?

Not entirely -- but for filtering destinations from your local net you can use rules:

    REJECT loc net:<ip1>,<ip2>,... all

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net