
iptables rule not working as expected

1 vote
1 answer
55 views
I cannot get this one rule working right. My interfaces:
#WAN
auto wan0
iface wan0 inet dhcp

#LAN
auto lan0.7
iface lan0.7 inet static
    address 172.17.7.1
    netmask 255.255.255.0
    vlan-raw-device lan0

#DMZ
auto lan0.17
iface lan0.17 inet static
    address 172.17.17.1
    netmask 255.255.255.0
    vlan-raw-device lan0
The iptables rule I am having trouble with:

iptables -A FORWARD -i lan0.17 -o lan0.7 -j DROP

The goal here is to block DMZ traffic to LAN, but to allow it the other way around. The rule above cuts LAN to DMZ too. What am I doing wrong here?

Output of iptables -nvL:

Chain INPUT (policy ACCEPT 578 packets, 70339 bytes)
 pkts bytes target     prot opt in      out     source       destination

Chain FORWARD (policy ACCEPT 2062 packets, 173K bytes)
 pkts bytes target     prot opt in      out     source       destination
  164 13776 DROP       0    --  lan0.17 lan0.7  0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy ACCEPT 402 packets, 33334 bytes)
 pkts bytes target     prot opt in      out     source       destination
Asked by Lee (11 rep)
Mar 4, 2024, 09:01 PM
Last activity: Mar 5, 2024, 12:21 AM
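
Added example, not part of the original post: a small Python model of a first-match FORWARD chain with a minimal connection-tracking table, showing why a rule that drops every packet from lan0.17 to lan0.7 also breaks LAN-initiated connections (their replies travel DMZ to LAN), and how a state match evaluated ahead of the DROP separates replies from new connections. The model, the host addresses and the ports are assumptions constructed for illustration; it is not iptables itself.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "in_if out_if src sport dst dport")

def flow_key(p):
    # Direction-independent key, so a reply maps to the flow that started it.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

def forward(rules, packets, policy="ACCEPT"):
    """Toy FORWARD chain: first matching rule wins, otherwise the policy applies."""
    conntrack = set()  # flows that already had a packet accepted
    verdicts = []
    for p in packets:
        state = "ESTABLISHED" if flow_key(p) in conntrack else "NEW"
        verdict = policy
        for r in rules:
            if r.get("in_if", p.in_if) != p.in_if:
                continue
            if r.get("out_if", p.out_if) != p.out_if:
                continue
            if "ctstate" in r and state not in r["ctstate"]:
                continue
            verdict = r["target"]
            break
        if verdict == "ACCEPT":
            conntrack.add(flow_key(p))
        verdicts.append(verdict)
    return verdicts

# The rule from the question: iptables -A FORWARD -i lan0.17 -o lan0.7 -j DROP
DROP_DMZ_TO_LAN = {"in_if": "lan0.17", "out_if": "lan0.7", "target": "DROP"}
# Stateful accept evaluated before it; the iptables form would be
#   iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ALLOW_REPLIES = {"ctstate": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"}

# Constructed sample traffic; host addresses and ports are made up.
PACKETS = [
    Packet("lan0.7", "lan0.17", "172.17.7.10", 40000, "172.17.17.20", 80),  # LAN -> DMZ request
    Packet("lan0.17", "lan0.7", "172.17.17.20", 80, "172.17.7.10", 40000),  # DMZ reply to it
    Packet("lan0.17", "lan0.7", "172.17.17.20", 51000, "172.17.7.10", 22),  # new DMZ -> LAN attempt
]

def compare():
    return {
        "question_rule_only": forward([DROP_DMZ_TO_LAN], PACKETS),
        "with_conntrack_accept": forward([ALLOW_REPLIES, DROP_DMZ_TO_LAN], PACKETS),
    }

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

With only the rule from the question, the reply to the LAN-initiated request is dropped along with the new DMZ-to-LAN attempt; with the state match first, the reply passes and the new attempt is still dropped.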