* [Cerowrt-devel] bcp 38
@ 2013-06-17 6:07 Dave Taht
From: Dave Taht @ 2013-06-17 6:07 UTC
To: cerowrt-devel
I have had this in place for ages, hopefully blocking egress of local
networks outside the nat. It appears to work...
iptables -t mangle -I POSTROUTING -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -o ge00 -j DROP
but what I'd wanted was to actually send a reason for it, but putting
the reason in icmp...
iptables -t mangle -I POSTROUTING -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -o ge00 -j REJECT --reject-with icmp-host-unreachable
but that doesn't, saying that I can't put it in the mangle table, and
there isn't a postrouting table in the filter table...
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
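
The REJECT target is only valid in the filter table's INPUT, FORWARD and OUTPUT chains, which is why the mangle/POSTROUTING rule above is refused. The following is an added example, not part of the original message: it generates the equivalent egress rules in FORWARD and OUTPUT. The function name bcp38_rules is hypothetical; ge00 is the WAN interface named in the message.

```shell
#!/bin/sh
# Added example: emit filter-table rules that REJECT RFC 1918 destinations
# leaving the WAN interface. The egress check moves from mangle/POSTROUTING
# to FORWARD (routed LAN traffic) and OUTPUT (traffic from the router itself),
# both matched on the outgoing interface with -o.

RFC1918="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"

# bcp38_rules WAN_IF [REJECT_TYPE]
# Prints one iptables command per chain and prefix so the rule set can be
# reviewed before it is applied.
bcp38_rules() {
    wan_if=$1
    reject_with=${2:-icmp-host-unreachable}
    [ -n "$wan_if" ] || { echo "usage: bcp38_rules WAN_IF [REJECT_TYPE]" >&2; return 2; }
    for chain in FORWARD OUTPUT; do
        for net in $RFC1918; do
            echo "iptables -t filter -I $chain -d $net -o $wan_if -j REJECT --reject-with $reject_with"
        done
    done
}

# Review:          bcp38_rules ge00
# Apply as root:   bcp38_rules ge00 | sh
```

LAN hosts sending to a private address that would otherwise leak out ge00 then receive an ICMP host-unreachable instead of a silent drop.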