[LUGOS-SEC] netfilter MARK match
Borut Mrak
b at aufbix.org
Tue Feb 5 19:30:39 CET 2002
On Tuesday 05 February 2002 19:23, you wrote:
> On one side I mark them (dynamic IP):
> iptables -t mangle -A OUTPUT -o ppp0 -p tcp -d 1.2.3.4 --dport 555 \
> -j MARK --set-mark 666
> And on the other side (1.2.3.4) I let them through:
> iptables -t mangle -A PREROUTING -m mark --mark 666 -i eth0 -p tcp \
> --dport 555 -j ACCEPT
>
> This doesn't work for me. Where did I go wrong?
In that MARK only works on a single machine, not across the network ;-]
What you are doing can be solved with some form of authentication... even if
fwmark did work across the network, that would not be good, because anyone can
set this mark for themselves. Some kind of IPsec will solve this for you..
Regards,
--
Borut
b at aufbix.org
------------
Monogamy leaves a lot to be desired.
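An added example, not part of the original thread: one way to follow the IPsec suggestion on the receiving host (1.2.3.4), with the mark set and matched on that same machine. It assumes an IPsec SA between the two hosts is configured separately and that the kernel provides the iptables "policy" match; eth0, port 555 and mark 666 are taken from the post, and the IPT dry-run variable and function name are hypothetical.

```shell
#!/bin/sh
# Added example. Dry-run by default: rules are printed, not installed.
# Set IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"
IFACE=eth0   # from the post
PORT=555     # from the post
MARK=666     # from the post

# Rules for the receiving host only. A packet's mark is kernel-local
# metadata: it starts at 0 for every packet received from the wire, so the
# sender cannot influence it. It is set here only after the kernel has
# verified that the packet arrived under an IPsec policy.
receiver_rules() {
    # 1. Mark traffic to the service port that was IPsec-protected.
    $IPT -t mangle -A PREROUTING -i "$IFACE" -p tcp --dport "$PORT" \
        -m policy --dir in --pol ipsec -j MARK --set-mark "$MARK"
    # 2. Accept what was marked in step 1 on this same machine.
    $IPT -A INPUT -i "$IFACE" -p tcp --dport "$PORT" \
        -m mark --mark "$MARK" -j ACCEPT
    # 3. Anything else for that port did not come through IPsec: drop it.
    $IPT -A INPUT -i "$IFACE" -p tcp --dport "$PORT" -j DROP
}

receiver_rules
```

The sender needs no MARK rule at all; who is allowed in is decided by the IPsec keys, not by anything the sender writes into its own packets.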