Ok, so i am turning my server into a router to create my own subnet on our home lan. I have 2 NICs on the server:
eth0
eth1
My problem is that if i set the default INPUT chain to
iptables -P INPUT DROP
wouldn't it drop on ALL interfaces?
would creating a new chain be able to solve this?
Like one input/output chain for each interface? and if so, how would i do this?
I read around in the iptables manual but couldn't find anything that caught my eyes.
iptables on a certain interface?
"The best place to hide a tree, is in a forest"
G-Brain wrote:
    --in-interface
    --out-interface

i am well aware of those, but aren't those for the rules in the chain?
I mean making rules inside of the chain to accomplish this is possible, but isn't there like a way to make one specific chain for each interface?
Dunno how to explain it better than that =/
bad_brain (Site Owner, 11636 posts, joined 06 Apr 2005) wrote:
you can create a new chain with the -N switch:

    iptables -N name-of-chain

then put the rules for the specific iface in that one chain....chains themselves are not related to a specific interface, only the rules inside the chains are...
hmmm ok, I'll try that then...
also b_b there was something i wanted to ask you ^^
Remember the first post about iptables i made? when you explained how to use it and save it and then load the tables at startup?
You told me to add a line to the corresponding NIC in /etc/network/interfaces
So if i make an iptable with rules for both NICs and save it, and then add that pre-up line to the interfaces file so that it will load on startup....do i have to add the same line to both NICs or just one?
bad_brain wrote:
hmmm....good question....
on one side the rules are loaded anyway, no matter to what iface they apply, loading them twice would make no sense.....but I have to admit I am not 100% sure, so best try it first with using only the already existing entry....
best add a simple rule for the 2nd iface like -p icmp -j DROP and then ping the iface after a reboot, if the pings are blocked the rule was loaded...
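The following script is an added example for this thread, not code posted by bad_brain or anyone else in it. It shows what the "-N chain per interface" answer looks like in practice and ends with the ping check suggested in the last post. It assumes eth0 is the side of the new subnet and eth1 faces the rest of the home LAN (the thread only names the two NICs), and the IPT variable defaults to "echo iptables" so that running it prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example for this thread; not code posted by anyone in it.
# Assumptions (the thread only names the two NICs): eth0 is the side of the
# new subnet, eth1 faces the rest of the home LAN. IPT defaults to
# "echo iptables", so the script prints the rules it would apply; an admin
# applies them for real by running it as root with IPT=iptables.
IPT="${IPT:-echo iptables}"

# Name of the sub-chain that holds the rules for one interface.
chain_for() { printf 'IN_%s\n' "$1"; }

# Create the sub-chain for an interface and hook it from INPUT. The chain
# itself is not tied to an interface; the -i match on the jump rule is what
# sends eth0 traffic to IN_eth0 and eth1 traffic to IN_eth1.
new_iface_chain() {          # usage: new_iface_chain IFACE
    iface="$1"
    chain="$(chain_for "$iface")"
    $IPT -N "$chain"
    # Replies to connections this host opened are accepted on every interface.
    $IPT -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$iface" -j "$chain"
}

# Per-interface rules are appended to that interface's own chain.
allow_tcp()  { $IPT -A "$(chain_for "$1")" -p tcp --dport "$2" -j ACCEPT; }  # allow_tcp IFACE PORT
allow_icmp() { $IPT -A "$(chain_for "$1")" -p icmp -j ACCEPT; }               # allow_icmp IFACE

# Global part of the policy: drop by default, always accept loopback.
$IPT -P INPUT DROP
$IPT -A INPUT -i lo -j ACCEPT

new_iface_chain eth0
new_iface_chain eth1

# ssh and ping are reachable only from the new subnet (eth0). Nothing is
# accepted in IN_eth1, so unsolicited packets from the home LAN return to
# INPUT and hit the DROP policy. That makes the check from the thread easy:
# after a reboot, a ping to the eth1 address from the home LAN must fail and
# a ping to the eth0 address from the new subnet must succeed.
allow_tcp  eth0 22
allow_icmp eth0
```

To keep the rules across reboots, save them once with `iptables-save > /etc/iptables.rules` and put a single `pre-up iptables-restore < /etc/iptables.rules` line in one stanza of /etc/network/interfaces, preferably the interface brought up first. iptables-restore loads the whole saved ruleset, every chain and every -i rule, in one go, so a second pre-up line on the other NIC would only load the same file again.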