IPTables rule for neither of two interfaces

dubafek

I'm using IPtables and I have a doubt for which I can't find an answer. I want to apply a rule in the PREROUTING part of the nat table. The rule is supposed to execute a chain, but I want it to be executed for every interface except for two of them. I can't use wildcards because I need all of the other interfaces regardless of their name (say I can't have it).

I have applied this rule:

iptables -t nat -A PREROUTING -j my_chain ! -i eth0

That results in this:

Chain PREROUTING (policy ACCEPT 19 packets, 3008 bytes)
pkts bytes target     prot opt in     out     source       destination
10   1538  my_chain   all  -- !eth0   *       0.0.0.0/0    0.0.0.0/0

But I need something like this:

Chain PREROUTING (policy ACCEPT 19 packets, 3008 bytes)
pkts bytes target     prot opt in               out     source      destination
10   1538  my_chain   all  -- !(eth0 or tun0)   *       0.0.0.0/0   0.0.0.0/0

The thing is it cannot be in two different rules, because one of these two interfaces will enter into the other interface's rule. I also tried something like:

iptables -t nat -A PREROUTING -j my_chain ! -i eth0 ! -i tun0

But it returns: multiple -i flags not allowed

Basically, I need a way to implement that "or" in the interface condition, or !eth0 and !tun0 (logical equivalent).

I'm using Debian with iptables v1.4.21.

Thanks for your help!
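An added example, not part of the original post, showing the standard way to express "input interface is neither eth0 nor tun0" in iptables: since the matches inside one rule are ANDed and only one -i is allowed, the logical equivalent "not eth0 AND not tun0" is built as a short guard chain that RETURNs on each excluded interface and only then jumps to my_chain. The chain name not_eth0_tun0 is my own choice, and the loop generalizes the construction to any number of excluded interfaces.

```shell
#!/bin/sh
# Added example (not from the original post): build an iptables guard chain
# that implements NOT(eth0 OR tun0) as NOT eth0 AND NOT tun0 (De Morgan).
# Chain name not_eth0_tun0 is an assumption; any unused name works.
set -eu

TABLE=nat
EXCLUDE="eth0 tun0"      # interfaces that must NOT reach my_chain
TARGET=my_chain          # the chain the question wants to run
GUARD=not_eth0_tun0      # intermediate chain implementing "neither"

# Emit the iptables commands so they can be reviewed before being applied.
build_rules() {
    echo "iptables -t $TABLE -N $GUARD"
    for ifc in $EXCLUDE; do
        # A packet from an excluded interface leaves the guard chain at once
        # and continues with the next PREROUTING rule; my_chain is never entered.
        echo "iptables -t $TABLE -A $GUARD -i $ifc -j RETURN"
    done
    # Anything still in the guard chain arrived on some other interface.
    echo "iptables -t $TABLE -A $GUARD -j $TARGET"
    # Hook the guard into PREROUTING instead of jumping to my_chain directly.
    echo "iptables -t $TABLE -A PREROUTING -j $GUARD"
}

# Apply the rules and show the resulting chain; needs root and iptables,
# so it only runs when the script is invoked with the argument "apply".
apply_rules() {
    build_rules | sh -e
    iptables -t "$TABLE" -L "$GUARD" -v -n
}

# Number of RETURN rules generated: one per excluded interface.
count_returns() {
    build_rules | grep -c -- '-j RETURN'
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    build_rules
fi
```

If my_chain is only ever reached from this one PREROUTING rule, the two RETURN rules can equally be placed at the top of my_chain itself instead of in a separate guard chain.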