IPTABLE: using same port for 2 PC behind firewall (linux-box)

 
 
Nicola

 
      10-06-2004, 10:37 AM
My LAN's config is:

ROUTER ----- LINUXBOX ---- PC1 & PC2

I want to play Age of Empires on both PCs but I don't know
how to open the same port (47624) for both PCs.
I have opened the port for PC1 but not for PC2.

Can someone help me?

Thanks
 
 
 
 
 
Davide Bianchi

 
      10-06-2004, 10:53 AM
On 2004-10-06, Nicola <(E-Mail Removed)> wrote:
> I want to play Age of Empires on both PCs but I don't know
> how to open the same port (47624) for both PCs.


A port doesn't depend on the PC. If the port is opened for the
internal network, it is opened and that's it. See the firewall-howto.
Davide

--
It's all GNU to me.

-- From a Slashdot.org post
 
 
Marco Dieckhoff

 
      10-06-2004, 11:32 AM
On 2004-10-06, Davide Bianchi <(E-Mail Removed)> wrote:
> On 2004-10-06, Nicola <(E-Mail Removed)> wrote:
>> I want to play Age of Empires on both PCs but I don't know
>> how to open the same port (47624) for both PCs.

>
> A port doesn't depend on the PC. If the port is opened for the
> internal network, it is opened and that's it. See the firewall-howto.


I suppose his router or linux box forwards the port to one of the
PCs.


--
Marco Dieckhoff
icq# 22243433
GPG Key 0x1A6C95BA -- http://www.frankonia-brunonia.de/keys
 
 
Robert E A Harvey

 
      10-06-2004, 05:23 PM
Nicola <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> My LAN's config is:
>
> ROUTER ----- LINUXBOX ---- PC1 & PC2
>
> I want to play Age of Empires on both PCs but I don't know
> how to open the same port (47624) for both PCs.
> I have opened the port for PC1 but not for PC2.


If the linuxbox is doing NAT, I am not sure you can. You are using
port forwarding, and cannot forward to more than one machine as far as
I know.

Most games have a range of ports they use, for this reason - you can
set separate sub-ranges up for different targets inside the firewall.

I'm not sure what 47624 is used for, unless it is that you are hosting
a game; I thought that AoE used 2300 to 2400.

I can't see why a firewall would not allow you to make an outgoing
connection to someone who is hosting a game via his 47624 and then
allow incoming connections to either machine using subranges of 2300 to
2400.

If you want to host a game, you are going to have to put up with one
machine.
 
 
Bernhard Kastner

 
      10-06-2004, 07:31 PM
Nicola wrote:
> My LAN's config is:
>
> ROUTER ----- LINUXBOX ---- PC1 & PC2
>
> I want to play Age of Empires on both PCs but I don't know
> how to open the same port (47624) for both PCs.
> I have opened the port for PC1 but not for PC2.
>
> Can someone help me?
>
> Thanks


AoE runs on Linux?

Whatever: normally games allow changing their incoming and outgoing ports as
you prefer, so check the network settings of the game, change the
port of one PC's game to another port and edit it on your
linuxbox so that it fits.

--
Bernhard | theEdge
-Linux User #368478-
http://www.alf.at.tc
Austrian Linux Forum
 
 
Juhan Leemet

 
      10-07-2004, 01:32 AM
On Wed, 06 Oct 2004 13:32:56 +0200, Marco Dieckhoff wrote:
> On 2004-10-06, Davide Bianchi <(E-Mail Removed)> wrote:
>> On 2004-10-06, Nicola <(E-Mail Removed)> wrote:
>>> I want to play Age of Empires on both PCs but I don't know
>>> how to open the same port (47624) for both PCs.

>>
>> A port doesn't depend on the PC. If the port is opened for the
>> internal network, it is opened and that's it. See the firewall-howto.

>
> I suppose his router or linux box forwards the port to one of the
> PC.


Couldn't he then use a different port, and forward to the other PC? I
think you can translate in the router so that the PCs use the same port.
The outside network will have to see 2 different ports.

Alternatively buy 2 different IP addresses from your ISP. I believe
it costs Cdn$10/month extra from Rogers.

--
Juhan Leemet
Logicognosis, Inc.


 
 
Nicola

 
      10-07-2004, 09:24 AM
> AoE runs on Linux?
No. I have a Linux box as a firewall.

> Whatever: normally games allow changing their incoming and outgoing ports as
> you prefer, so check the network settings of the game, change the
> port of one PC's game to another port and edit it on your
> linuxbox so that it fits.

I can't change the port because AoE uses the DirectX predefined port.

> I'm not sure what 47624 is used for, unless it is that you are hosting
> a game; I thought that AoE used 2300 to 2400.

AoE uses port 47624 for host and clients and a port pool (in the range
2300-2400) to do something I don't know.

I use Firewall Builder to configure my firewall and I based my config
on this document http://www.fwbuilder.org/archives/cat_games.html#000122

This is my script:
#########################################################

#!/bin/sh


# Default policies: drop everything that no rule accepts explicitly.
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Flush every chain and delete every user-defined chain in every table
# except mangle, so the rules below start from a clean slate.
while read table; do
    test "X$table" = "Xmangle" && continue
    iptables -t "$table" -L -n | while read c chain rest; do
        if test "X$c" = "XChain" ; then
            iptables -t "$table" -F "$chain"
        fi
    done
    iptables -t "$table" -X
done < /proc/net/ip_tables_names


#
# Rule 0(NAT)
#
echo "Rule 0(NAT)"
#
#
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.0/24 -d 192.168.1.50 --destination-port 4665 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.0/24 -d 192.168.2.1 --destination-port 4665 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -s 192.168.2.0/24 -d 192.168.1.50 --destination-port 4663 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -s 192.168.2.0/24 -d 192.168.2.1 --destination-port 4663 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.2.0/24 -d 192.168.2.136 --destination-port 4665 -j SNAT --to-source 192.168.1.50
iptables -t nat -A POSTROUTING -o eth0 -p udp -s 192.168.2.0/24 -d 192.168.2.136 --destination-port 4663 -j SNAT --to-source 192.168.1.50
#
# Rule 1(NAT)
#
echo "Rule 1(NAT)"
#
#
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.50 --destination-port 4665 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p tcp -d 192.168.2.1 --destination-port 4665 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -d 192.168.1.50 --destination-port 4663 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -d 192.168.2.1 --destination-port 4663 -j DNAT --to-destination 192.168.2.136
#
# Rule 2(NAT)
#
echo "Rule 2(NAT)"
#
#
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.136 -d 192.168.1.50 --destination-port 2300:2350 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.136 -d 192.168.2.1 --destination-port 2300:2350 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.136 -d 192.168.1.50 --destination-port 47624 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.136 -d 192.168.2.1 --destination-port 47624 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -s 192.168.2.136 -d 192.168.1.50 --destination-port 2300:2350 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -s 192.168.2.136 -d 192.168.2.1 --destination-port 2300:2350 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -s 192.168.2.136 -d 192.168.1.50 --destination-port 47624 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -s 192.168.2.136 -d 192.168.2.1 --destination-port 47624 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.2.136 -d 192.168.2.136 --destination-port 2300:2350 -j SNAT --to-source 192.168.1.50
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.2.136 -d 192.168.2.136 --destination-port 47624 -j SNAT --to-source 192.168.1.50
iptables -t nat -A POSTROUTING -o eth0 -p udp -s 192.168.2.136 -d 192.168.2.136 --destination-port 2300:2350 -j SNAT --to-source 192.168.1.50
iptables -t nat -A POSTROUTING -o eth0 -p udp -s 192.168.2.136 -d 192.168.2.136 --destination-port 47624 -j SNAT --to-source 192.168.1.50
#
# Rule 3(NAT)
#
echo "Rule 3(NAT)"
#
#
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.50 --destination-port 2300:2350 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p tcp -d 192.168.2.1 --destination-port 2300:2350 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -d 192.168.1.50 --destination-port 2300:2350 -j DNAT --to-destination 192.168.2.136
iptables -t nat -A PREROUTING -p udp -d 192.168.2.1 --destination-port 2300:2350 -j DNAT --to-destination 192.168.2.136
#
# Rule 4(NAT)
#
echo "Rule 4(NAT)"
#
#
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.137 -d 192.168.1.50 --destination-port 2351:2400 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.137 -d 192.168.2.1 --destination-port 2351:2400 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.137 -d 192.168.1.50 --destination-port 47624 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.137 -d 192.168.2.1 --destination-port 47624 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p udp -s 192.168.2.137 -d 192.168.1.50 --destination-port 2351:2400 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p udp -s 192.168.2.137 -d 192.168.2.1 --destination-port 2351:2400 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p udp -s 192.168.2.137 -d 192.168.1.50 --destination-port 47624 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p udp -s 192.168.2.137 -d 192.168.2.1 --destination-port 47624 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.2.137 -d 192.168.2.137 --destination-port 2351:2400 -j SNAT --to-source 192.168.1.50
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.2.137 -d 192.168.2.137 --destination-port 47624 -j SNAT --to-source 192.168.1.50
iptables -t nat -A POSTROUTING -o eth0 -p udp -s 192.168.2.137 -d 192.168.2.137 --destination-port 2351:2400 -j SNAT --to-source 192.168.1.50
iptables -t nat -A POSTROUTING -o eth0 -p udp -s 192.168.2.137 -d 192.168.2.137 --destination-port 47624 -j SNAT --to-source 192.168.1.50
#
# Rule 5(NAT)
#
echo "Rule 5(NAT)"
#
#
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.50 --destination-port 2351:2400 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p tcp -d 192.168.2.1 --destination-port 2351:2400 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p udp -d 192.168.1.50 --destination-port 2351:2400 -j DNAT --to-destination 192.168.2.137
iptables -t nat -A PREROUTING -p udp -d 192.168.2.1 --destination-port 2351:2400 -j DNAT --to-destination 192.168.2.137
#
# Rule 6(NAT)
#
echo "Rule 6(NAT)"
#
#
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.50 --destination-port 47624 -j DNAT --to-destination 192.168.2.130-192.168.2.150
iptables -t nat -A PREROUTING -p tcp -d 192.168.2.1 --destination-port 47624 -j DNAT --to-destination 192.168.2.130-192.168.2.150
iptables -t nat -A PREROUTING -p udp -d 192.168.1.50 --destination-port 47624 -j DNAT --to-destination 192.168.2.130-192.168.2.150
iptables -t nat -A PREROUTING -p udp -d 192.168.2.1 --destination-port 47624 -j DNAT --to-destination 192.168.2.130-192.168.2.150
#
# Rule 7(NAT)
#
echo "Rule 7(NAT)"
#
# Anything leaving the network
# is NATed on eth0
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.50
#
#


# Accept return traffic of connections already tracked by conntrack.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#
# Rule 0(lo)
#
echo "Rule 0(lo)"
#
#
#
iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o lo -m state --state NEW -j ACCEPT
#
# Rule 0(global)
#
echo "Rule 0(global)"
#
# Allow the internal networks
# to use the services
# SSH, HTTP, HTTPS, POP3,
# SAMBA
#
iptables -N Cid4141CD0F.0
iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -j Cid4141CD0F.0
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -j Cid4141CD0F.0
iptables -N Cid4141CD0F.1
iptables -A Cid4141CD0F.0 -d 192.168.1.50 -m state --state NEW -j Cid4141CD0F.1
iptables -A Cid4141CD0F.0 -d 192.168.2.1 -m state --state NEW -j Cid4141CD0F.1
iptables -A Cid4141CD0F.1 -p tcp -m multiport --destination-port 22,80,443,110,10000,445 -m state --state NEW -j ACCEPT
#
# Rule 1(global)
#
echo "Rule 1(global)"
#
# Allow pings
# inside the network
#
iptables -A INPUT -p icmp -s 192.168.2.0/24 -m state --state NEW -j ACCEPT
iptables -A INPUT -p icmp -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p icmp -s 192.168.2.0/24 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p icmp -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p icmp -s 192.168.2.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p icmp -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
#
# Rule 2(global)
#
echo "Rule 2(global)"
#
# Games and file sharing
# OUT
#
iptables -N RULE_2
iptables -A INPUT -p tcp -s 192.168.2.0/24 --destination-port 4665 -m state --state NEW -j RULE_2
iptables -A INPUT -p tcp -s 192.168.1.0/24 --destination-port 4665 -m state --state NEW -j RULE_2
iptables -A INPUT -p udp -s 192.168.2.0/24 --destination-port 4663 -m state --state NEW -j RULE_2
iptables -A INPUT -p udp -s 192.168.1.0/24 --destination-port 4663 -m state --state NEW -j RULE_2
iptables -A OUTPUT -p tcp -s 192.168.2.0/24 --destination-port 4665 -m state --state NEW -j RULE_2
iptables -A OUTPUT -p tcp -s 192.168.1.0/24 --destination-port 4665 -m state --state NEW -j RULE_2
iptables -A OUTPUT -p udp -s 192.168.2.0/24 --destination-port 4663 -m state --state NEW -j RULE_2
iptables -A OUTPUT -p udp -s 192.168.1.0/24 --destination-port 4663 -m state --state NEW -j RULE_2
iptables -A FORWARD -p tcp -s 192.168.2.0/24 --destination-port 4665 -m state --state NEW -j RULE_2
iptables -A FORWARD -p tcp -s 192.168.1.0/24 --destination-port 4665 -m state --state NEW -j RULE_2
iptables -A FORWARD -p udp -s 192.168.2.0/24 --destination-port 4663 -m state --state NEW -j RULE_2
iptables -A FORWARD -p udp -s 192.168.1.0/24 --destination-port 4663 -m state --state NEW -j RULE_2
iptables -A RULE_2 -j LOG --log-level info --log-prefix "RULE 2 -- ACCEPT "
iptables -A RULE_2 -j ACCEPT
#
# Rule 3(global)
#
echo "Rule 3(global)"
#
# Games and file sharing
# IN
#
iptables -N RULE_3
iptables -A OUTPUT -p tcp -d 192.168.1.0/24 --destination-port 4665 -m state --state NEW -j RULE_3
iptables -A OUTPUT -p tcp -d 192.168.2.0/24 --destination-port 4665 -m state --state NEW -j RULE_3
iptables -A OUTPUT -p udp -d 192.168.1.0/24 --destination-port 4663 -m state --state NEW -j RULE_3
iptables -A OUTPUT -p udp -d 192.168.2.0/24 --destination-port 4663 -m state --state NEW -j RULE_3
iptables -A INPUT -p tcp -d 192.168.1.0/24 --destination-port 4665 -m state --state NEW -j RULE_3
iptables -A INPUT -p tcp -d 192.168.2.0/24 --destination-port 4665 -m state --state NEW -j RULE_3
iptables -A INPUT -p udp -d 192.168.1.0/24 --destination-port 4663 -m state --state NEW -j RULE_3
iptables -A INPUT -p udp -d 192.168.2.0/24 --destination-port 4663 -m state --state NEW -j RULE_3
iptables -A FORWARD -p tcp -d 192.168.1.0/24 --destination-port 4665 -m state --state NEW -j RULE_3
iptables -A FORWARD -p tcp -d 192.168.2.0/24 --destination-port 4665 -m state --state NEW -j RULE_3
iptables -A FORWARD -p udp -d 192.168.1.0/24 --destination-port 4663 -m state --state NEW -j RULE_3
iptables -A FORWARD -p udp -d 192.168.2.0/24 --destination-port 4663 -m state --state NEW -j RULE_3
iptables -A RULE_3 -j LOG --log-level info --log-prefix "RULE 3 -- ACCEPT "
iptables -A RULE_3 -j ACCEPT
#
# Rule 4(global)
#
echo "Rule 4(global)"
#
# AOE
# Outgoing connections
#
iptables -N RULE_4
iptables -A INPUT -p tcp -s 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_4
iptables -A INPUT -p tcp -s 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_4
iptables -A INPUT -p tcp -s 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_4
iptables -A INPUT -p udp -s 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_4
iptables -A INPUT -p udp -s 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_4
iptables -A INPUT -p udp -s 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_4
iptables -A OUTPUT -p tcp -s 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_4
iptables -A OUTPUT -p tcp -s 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_4
iptables -A OUTPUT -p tcp -s 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_4
iptables -A OUTPUT -p udp -s 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_4
iptables -A OUTPUT -p udp -s 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_4
iptables -A OUTPUT -p udp -s 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_4
iptables -A FORWARD -p tcp -s 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_4
iptables -A FORWARD -p tcp -s 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_4
iptables -A FORWARD -p tcp -s 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_4
iptables -A FORWARD -p udp -s 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_4
iptables -A FORWARD -p udp -s 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_4
iptables -A FORWARD -p udp -s 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_4
iptables -A RULE_4 -j LOG --log-level info --log-prefix "RULE 4 -- ACCEPT "
iptables -A RULE_4 -j ACCEPT
#
# Rule 5(global)
#
echo "Rule 5(global)"
#
# AOE
# Incoming connections
#
iptables -N RULE_5
iptables -A OUTPUT -p tcp -d 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_5
iptables -A OUTPUT -p tcp -d 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_5
iptables -A OUTPUT -p tcp -d 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_5
iptables -A OUTPUT -p udp -d 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_5
iptables -A OUTPUT -p udp -d 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_5
iptables -A OUTPUT -p udp -d 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_5
iptables -A INPUT -p tcp -d 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_5
iptables -A INPUT -p tcp -d 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_5
iptables -A INPUT -p tcp -d 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_5
iptables -A INPUT -p udp -d 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_5
iptables -A INPUT -p udp -d 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_5
iptables -A INPUT -p udp -d 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_5
iptables -A FORWARD -p tcp -d 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_5
iptables -A FORWARD -p tcp -d 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_5
iptables -A FORWARD -p tcp -d 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_5
iptables -A FORWARD -p udp -d 192.168.2.0/24 --destination-port 2300:2350 -m state --state NEW -j RULE_5
iptables -A FORWARD -p udp -d 192.168.2.0/24 --destination-port 2351:2400 -m state --state NEW -j RULE_5
iptables -A FORWARD -p udp -d 192.168.2.0/24 --destination-port 47624 -m state --state NEW -j RULE_5
iptables -A RULE_5 -j LOG --log-level info --log-prefix "RULE 5 -- ACCEPT "
iptables -A RULE_5 -j ACCEPT
#
# Rule 6(global)
#
echo "Rule 6(global)"
#
# Internet access for
# any service
#
iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -s 192.168.2.0/24 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -s 192.168.2.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
#
# Rule 7(global)
#
echo "Rule 7(global)"
#
# Block any other service
#
iptables -N RULE_7
iptables -A OUTPUT -j RULE_7
iptables -A INPUT -j RULE_7
iptables -A FORWARD -j RULE_7
iptables -A RULE_7 -j LOG --log-level info --log-prefix "RULE 7 -- DENY "
iptables -A RULE_7 -j DROP
#
#
echo 1 > /proc/sys/net/ipv4/ip_forward

#########################################################



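Added example, not from the thread and not Firewall Builder output: a small Python model of nat/PREROUTING DNAT matching, showing why Rule 6(NAT) of the posted script, which spreads port 47624 over 192.168.2.130-192.168.2.150, cannot steer a game to a chosen PC, and what Juhan Leemet's suggestion looks like as rules: a second external port, here 47625 (a constructed choice), rewritten to 47624 on PC2. TCP only; addresses are those of the posted script, the peer address 203.0.113.7 is constructed, and the kernel's choice of an address inside a ranged --to-destination is modelled as a hash of the peer address (an assumption; netfilter picks per connection).

```python
from dataclasses import dataclass, replace
from typing import Optional, Sequence

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    """Model of one `iptables -t nat -A PREROUTING ... -j DNAT` rule."""
    proto: str
    dst: str                       # -d: the linuxbox's outside address
    dports: range                  # --destination-port low:high, inclusive
    to_addrs: Sequence[str]        # --to-destination: one address or a range
    to_port: Optional[int] = None  # optional :port suffix; None keeps the port

    def matches(self, p: Packet) -> bool:
        return p.proto == self.proto and p.dst == self.dst and p.dport in self.dports

    def apply(self, p: Packet) -> Packet:
        # A ranged --to-destination hands each connection to one address of the
        # range. Modelled here (assumption) as a hash of the peer's address; the
        # point is that the remote player does not choose which PC answers.
        idx = sum(int(o) for o in p.src.split(".")) % len(self.to_addrs)
        new_port = self.to_port if self.to_port is not None else p.dport
        return replace(p, dst=self.to_addrs[idx], dport=new_port)

    def to_iptables(self) -> str:
        dport = (str(self.dports.start) if len(self.dports) == 1
                 else f"{self.dports.start}:{self.dports[-1]}")
        to = (self.to_addrs[0] if len(self.to_addrs) == 1
              else f"{self.to_addrs[0]}-{self.to_addrs[-1]}")
        if self.to_port is not None:
            to += f":{self.to_port}"
        return (f"iptables -t nat -A PREROUTING -p {self.proto} -d {self.dst} "
                f"--destination-port {dport} -j DNAT --to-destination {to}")

def prerouting(rules: Sequence[DnatRule], p: Packet) -> Packet:
    """First matching rule wins, as in a netfilter chain; no match means no DNAT."""
    for r in rules:
        if r.matches(p):
            return r.apply(p)
    return p

EXT, PC1, PC2 = "192.168.1.50", "192.168.2.136", "192.168.2.137"
# Rule 6(NAT) of the posted script: port 47624 spread over a whole address range.
RANGED = [DnatRule("tcp", EXT, range(47624, 47625),
                   tuple(f"192.168.2.{h}" for h in range(130, 151)))]

# Juhan's approach: a second external port (47625, a constructed choice) rewritten
# to 47624 on PC2, plus the per-PC 2300-2400 sub-ranges the script already uses.
TRANSLATED = [
    DnatRule("tcp", EXT, range(47624, 47625), (PC1,)),
    DnatRule("tcp", EXT, range(47625, 47626), (PC2,), to_port=47624),
    DnatRule("tcp", EXT, range(2300, 2351), (PC1,)),
    DnatRule("tcp", EXT, range(2351, 2401), (PC2,)),
]

def who_gets(rules, dport, src="203.0.113.7", proto="tcp"):  # src is constructed
    """(host, port) at which an inbound packet to the outside address ends up."""
    out = prerouting(rules, Packet(proto, src, EXT, dport))
    return out.dst, out.dport
```

As Juhan noted, the outside then sees two different ports, so remote players must be able to point their game at 47625 to reach PC2; a client that insists on 47624 can only ever reach one PC.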