ipchains rule question: Destination ip
Joel Hammer
Joel
Mon May 17 11:34:36 PDT 2004
It has been so long since I set up my firewall I have forgotten why I did
this, so:
Here are two typical rules from my firewall (ipchains). Note that with one,
the target ip is 0.0.0.0, and with the other the target is 68.36.44.105,
which is the ip of the machine running the firewall. eth1 is the external
NIC facing the cable modem.
target      tosa tosx ifname source         destination  ports
ACCEPT udp  0xFF 0x00 eth1   198.82.161.227 0.0.0.0      * -> 123
ACCEPT udp  0xFF 0x00 eth1   198.82.162.213 68.36.44.105 * -> 123
I have used 68.36.44.105 in a number of destinations in my ipchains
rules instead of 0.0.0.0, as noted above. As far as I can see, these
rules are equivalent, since my NIC, which is configured as 68.36.44.105,
will not look at packets not addressed to it, at least under ordinary
circumstances.
I would like to remove targets such as 68.36.44.105 and substitute 0.0.0.0
for all of them. Can someone suggest why this might not be a good idea?
For example, I am wondering what would happen if my NIC were to run in
PROMISCUOUS mode?
Any insight appreciated,
Joel
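
An added illustration, not part of the original post: a small Python model of how the two destination fields in the listing match packets arriving on eth1. It assumes the listed 0.0.0.0 stands for 0.0.0.0/0 (any destination), uses constructed sample packets, and models only the fields shown in the listing, not ipchains itself.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str
    ifname: str
    source: str        # address or CIDR
    destination: str   # address or CIDR
    dport: int

class Packet(NamedTuple):
    label: str
    proto: str
    ifname: str
    src: str
    dst: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field shown in the listing matches the packet."""
    return (rule.proto == pkt.proto
            and rule.ifname == pkt.ifname
            and rule.dport == pkt.dport
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.source)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.destination))

SRC = "198.82.161.227"  # source address from the first listed rule
ANY_DST = Rule("udp", "eth1", SRC, "0.0.0.0/0", 123)     # assumed meaning of 0.0.0.0
HOST_DST = Rule("udp", "eth1", SRC, "68.36.44.105", 123)  # destination pinned to the host

# Constructed sample packets; only the destination (or source) varies.
PACKETS = [
    Packet("unicast to firewall", "udp", "eth1", SRC, "68.36.44.105", 123),
    Packet("limited broadcast", "udp", "eth1", SRC, "255.255.255.255", 123),
    Packet("NTP multicast", "udp", "eth1", SRC, "224.0.1.1", 123),
    Packet("other unicast", "udp", "eth1", SRC, "192.0.2.10", 123),
    Packet("wrong source", "udp", "eth1", "203.0.113.5", "68.36.44.105", 123),
]

def only_any_destination(packets):
    """Labels of packets the any-destination form accepts but the host form does not."""
    return [p.label for p in packets
            if matches(ANY_DST, p) and not matches(HOST_DST, p)]

if __name__ == "__main__":
    for p in PACKETS:
        print(f"{p.label:22} any-dst={matches(ANY_DST, p)!s:5} "
              f"host-dst={matches(HOST_DST, p)}")
    print("accepted only by the any-destination form:", only_any_destination(PACKETS))
```

Under this model the two forms agree on traffic addressed to 68.36.44.105 and differ only for packets carrying some other destination address, such as broadcast or multicast.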