iptables - allow pings to forwarded group
I use a Linux box as my NAT router for my LAN. I am setting up port forwarding on port 6111 to internal LAN client 192.168.0.105 for an online game. This is triggered with a set of conditions (not the subject of this post). I want to only allow pings from the outside of my network to those that are participating in the game. For the duration of the game, I plan on adding the following iptables rules. Will this work?
# DNAT lives in the nat table; the filter table has no PREROUTING chain, so -t nat is required
$IPT -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 6111 -j DNAT --to-destination 192.168.0.105:6111
# record the source address of every forwarded game packet in the "gamepool" list
$IPT -A FORWARD -d 192.168.0.105 -i eth1 -p tcp -m tcp --dport 6111 -m recent --set --rsource --name gamepool -j ACCEPT
# accept ICMP to the router only from addresses already in the "gamepool" list
$IPT -I INPUT -i eth1 -p icmp -m recent --rcheck --name gamepool -j ACCEPT
(assuming $IPT is /sbin/iptables and my external interface is eth1).
Thanks
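The same scheme as a small script, added here as an example and not the poster's own code. It assumes the poster's values (external interface eth1, game host 192.168.0.105, port 6111) and adds two things a practitioner would want: the DNAT rule placed in the nat table, and the ping rule narrowed to echo-request with an idle timeout (assumed 7200 s) so a peer stops being pingable once its game traffic stops.

```shell
#!/bin/sh
# Added example (not from the original post). Defaults are the poster's values;
# POOL_TTL is an assumption: seconds a peer stays ping-able after its last game packet.
EXT_IF="${EXT_IF:-eth1}"
GAME_HOST="${GAME_HOST:-192.168.0.105}"
GAME_PORT="${GAME_PORT:-6111}"
POOL_TTL="${POOL_TTL:-7200}"

# With DRY_RUN=1 the rules are printed instead of applied, so the set can be
# reviewed on a box without iptables or root.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

gamepool_rules() {
    # 1. DNAT is only available in the nat table; the filter table has no
    #    PREROUTING chain, so without -t nat this line does not load at all.
    run -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$GAME_PORT" \
        -j DNAT --to-destination "$GAME_HOST:$GAME_PORT"
    # 2. PREROUTING (nat) runs before FORWARD, so the packet already carries the
    #    LAN destination here. --set adds the source address to "gamepool" and
    #    refreshes its timestamp on every later packet.
    run -A FORWARD -i "$EXT_IF" -d "$GAME_HOST" -p tcp --dport "$GAME_PORT" \
        -m recent --set --name gamepool -j ACCEPT
    # 3. Only echo-request (not all of ICMP) from a listed peer, and only while
    #    that peer has sent game traffic within POOL_TTL seconds.
    run -I INPUT -i "$EXT_IF" -p icmp --icmp-type echo-request \
        -m recent --rcheck --seconds "$POOL_TTL" --name gamepool -j ACCEPT
}

# Apply only when explicitly asked: ./gamepool.sh apply (or DRY_RUN=1 ./gamepool.sh apply)
if [ "${1:-}" = "apply" ]; then gamepool_rules; fi
```

The current contents of the list can be inspected at /proc/net/xt_recent/gamepool once the rules are loaded.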