Iptables redirect AFTER INPUT/FORWARD chain processing
I have a webserver listening on port 79, and showing the splash page, no matter what the request. When I put this in my nat table:
iptables -t nat -D PREROUTING -i eth0 -p tcp -j REDIRECT --to-port 79
I get the desired effect. Only problem is that I don't know till much later for which hosts I need this.
I have a fairly complex firewall that processes *a lot* of rules in its INPUT and FORWARD chains. What I need to do is to redirect all the packets that INPUT and FORWARD would have dropped to that port, for the permanent splash page.
1) Is there a way?
2) Should I maybe tag/mangle the packets that would have been dropped and then redirect at POSTROUTING? (Very tedious)
3) Can I redirect directly from INPUT/FORWARD?
4) Can I send the packet back to PREROUTING from INPUT/FORWARD?
Would much appreciate any info you have!