Re: iptables DROP before PREROUTING

To: debian-user@lists.debian.org
Subject: Re: iptables DROP before PREROUTING
From: Reco <recoverym4n@enotuniq.net>
Date: Thu, 9 Jan 2020 22:59:14 +0300
Message-id: <[🔎] E1ipdxb-0005lZ-Fb@enotuniq.net>
In-reply-to: <[🔎] bd1fbb2e8acfe21972010df27d79c478ad0ee017.camel@k4vqc.com>
References: <[🔎] bd1fbb2e8acfe21972010df27d79c478ad0ee017.camel@k4vqc.com>

	Hi.

On Thu, Jan 09, 2020 at 02:46:25PM -0500, Jim Popovitch wrote:
> Is there a way to have iptables DROP before PREROUTING.

What you meant is "before PREROUTING in nat". It's an important bit, see
below.

> What I want to do is prevent 23.132.208.0/24 from accessing a service
> (port 12345) on my home PC.  The problem is, the REROUTING rules preceed
> the DROP rule, so the connections get through.  Thanks for any
> suggestions/help.

Try it (raw table is called before nat one):

iptables -t raw -A PREROUTING -s 23.132.208.0/24 -j DROP

Reco

Reply to:

References:
- iptables DROP before PREROUTING
  - From: Jim Popovitch <jim@k4vqc.com>

Prev by Date: iptables DROP before PREROUTING
Next by Date: Re: web server for development
Previous by thread: iptables DROP before PREROUTING
Next by thread: Re: iptables DROP before PREROUTING
Index(es):
- Date
- Thread