Rules before DNAT

Jacky1668 · 05-16-2004, 09:27 PM

I have setup the firewall to run DNAT from internet to a server in DMZ for HTTP and SMTP,
Is it possible to block some source ips before it cann dnat to my the sever in dmz? I found that after i run the dnat rules, the rule ( iptables - I INPUT -i eth0 -s abc.xxxx.xxx.zzz -j DROP) cannot block the access from abc.xxx.xxx.zzz to my email server.

Regards

ppuru · 05-17-2004, 03:41 AM

You can

#iptables -t nat -A PREROUTING -s <source ip> -j DROP

to keep unwanted visitors out of your net.

Jacky1668 · 05-17-2004, 10:16 PM

Thanks. Problem solved.