I have been looking at my firewall script on my home network. I am using a firewall / gateway on a Linux machine, using iptables. My question is: from reading man pages and one of my books, if I want to block packets from a particular IP address I can type at the command line - iptables -A INPUT -s www.youtube.com -j DROP - and, in this case, I should not be able to connect to YouTube. I must be getting something wrong, as this line does not stop me from reaching YouTube. Can anyone tell me what I have done wrong?
more to add
On various Linux machines on my network I can type in iptables commands and get the desired results. When I use the same commands on the gateway machine it won't block the web site, either with the domain name or the IP address. I will do some more googling for answers, but I have yet to find anything that tells me where I have gone wrong. The config script I am using is adapted from the example in the Linux iptables HOWTO.
Updated - 28th Dec 2007
Replies
It appears that your firewall is set up to block data coming from YouTube to you, not vice versa. If you want to block your LAN from getting there, you will need to change to the "d" option (for destination). Make sure you are putting this rule into the correct chain as well.
It also depends on the order that your iptables is in. The "A" command tells iptables you are appending the rule to the end of the chain. If there is a previous rule that allows that traffic, this rule will be ignored. If you want to give this rule priority, try giving it the "I" command (for Insert).
deity_chooch
28th Dec 2007
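The two points in this answer (first matching rule wins, so an appended DROP after an ACCEPT is never reached; and a packet passing through the gateway walks FORWARD, not INPUT) can be seen in a small model of how the filter table dispatches packets. This is an added example, not iptables itself and not code from the thread; the addresses are constructed from the RFC 5737 documentation ranges (203.0.113.10 stands in for the site to block, 192.168.1.0/24 for the LAN), and the Gateway/Chain/Rule classes are a toy simulator written for this page.

```python
"""Toy model of iptables filter-table chains (constructed for illustration).

Two rules of thumb it demonstrates:
  1. Within a chain the first matching rule decides; -A puts a rule last,
     -I puts it first.
  2. A packet addressed to the box walks INPUT, one the box sends walks
     OUTPUT, and one it merely routes for a LAN host walks FORWARD.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Constructed sample addresses (RFC 5737 documentation ranges, not real hosts).
LAN = "192.168.1.0/24"
GATEWAY_LAN_IP = "192.168.1.1"
GATEWAY_WAN_IP = "198.51.100.2"
VIDEO_SITE = "203.0.113.10"   # stand-in for the address of the site to block


@dataclass
class Packet:
    src: str
    dst: str


@dataclass
class Rule:
    target: str                 # -j ACCEPT or -j DROP
    src: Optional[str] = None   # -s address[/prefix]
    dst: Optional[str] = None   # -d address[/prefix]

    def matches(self, pkt: Packet) -> bool:
        if self.src and ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if self.dst and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        return True


class Chain:
    def __init__(self, policy: str = "ACCEPT"):
        self.policy = policy
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:          # iptables -A CHAIN ...
        self.rules.append(rule)

    def insert(self, rule: Rule, rulenum: int = 1) -> None:  # iptables -I CHAIN [n] ...
        self.rules.insert(rulenum - 1, rule)

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:                    # first match wins
            if rule.matches(pkt):
                return rule.target
        return self.policy                         # no match: chain policy


class Gateway:
    def __init__(self):
        self.local_ips = {GATEWAY_LAN_IP, GATEWAY_WAN_IP}
        self.chains: Dict[str, Chain] = {
            "INPUT": Chain(), "OUTPUT": Chain(), "FORWARD": Chain()}

    def chain_for(self, pkt: Packet) -> str:
        if pkt.dst in self.local_ips:
            return "INPUT"       # addressed to the gateway itself
        if pkt.src in self.local_ips:
            return "OUTPUT"      # generated by the gateway itself
        return "FORWARD"         # routed on behalf of a LAN host

    def filter(self, pkt: Packet) -> str:
        return self.chains[self.chain_for(pkt)].verdict(pkt)


def demo() -> Dict[str, str]:
    """Replays the thread's three attempts and returns the verdict of each."""
    gw = Gateway()
    # A typical gateway script already lets LAN traffic out:
    #   iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
    gw.chains["FORWARD"].append(Rule("ACCEPT", src=LAN))

    lan_request = Packet(src="192.168.1.20", dst=VIDEO_SITE)   # LAN host -> site
    gw_reply = Packet(src=VIDEO_SITE, dst=GATEWAY_WAN_IP)     # site -> gateway

    results = {}
    # Attempt 1 (the question): iptables -A INPUT -s <site> -j DROP
    gw.chains["INPUT"].append(Rule("DROP", src=VIDEO_SITE))
    results["input_s_blocks_gateway_reply"] = gw.filter(gw_reply)   # DROP
    results["input_s_leaves_lan_alone"] = gw.filter(lan_request)    # ACCEPT

    # Attempt 2: iptables -A FORWARD -d <site> -j DROP (lands after the ACCEPT)
    gw.chains["FORWARD"].append(Rule("DROP", dst=VIDEO_SITE))
    results["forward_append_ignored"] = gw.filter(lan_request)      # ACCEPT

    # Attempt 3: iptables -I FORWARD -d <site> -j DROP (evaluated first)
    gw.chains["FORWARD"].insert(Rule("DROP", dst=VIDEO_SITE))
    results["forward_insert_blocks_lan"] = gw.filter(lan_request)   # DROP
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The model also explains the poster's later observation that the INPUT rule "only blocked the gateway machine": replies from the site to the gateway's own address enter INPUT, where -s matches them, while replies to a LAN host are routed and go through FORWARD. To restrict such a block to one internal machine, the FORWARD rule takes both -s (the LAN host) and -d (the site).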
After an afternoon of research and reading I got it sorted:
1. If I inserted the desired iptables rule at the start of the chain rather than appending it with the A option, as you suggested, it blocked the site on the gateway machine.
2. Inserting this into the INPUT chain only blocked the gateway machine and not the rest of the machines on the private network. When I inserted a rule into the FORWARD chain, it enabled blocking on the internal networked machines.
I'm not completely certain, but I think the -d option enables me to block a particular machine on the internal network. I would need to play around with this to see how it works.
Thanks for getting me started in the right direction to get this working.
j-mart@...
29th Dec 2007