By j-mart
I have been looking at my firewall script
on my home network. I am using a firewall /
gateway on a linux machine, using iptables.
My question is : from reading man pages and
one of my books if I want to block packets
from a particular IP address I can type at
command line - iptables -A INPUT -s -j DROP - and, in this case
I should not be able to connect to youtube.
I must be getting something wrong as this
line does not stop me from reaching
YouTube. Can anyone tell me what I have
done wrong?


more to add

by j-mart In reply to iptables

I can on various Linux machines on network type in iptables commands and get desired results. When I use same commands on gateway machine it won't block web site either with domain name or IP address. I will do some more googling for answers but I have yet to find anything that tells me where I have gone wrong. The config script I am using is adapted from the example in Linux iptables howto.


Help with iptables

by deity_chooch In reply to more to add

It appears that your firewall is set up to block data coming from YouTube to you, not vice versa. If you want to block your LAN from getting there, you will need to change to the "d" option (for destination). Make sure you are putting this rule into the correct chain as well.

It also depends on the order that your iptables is in. The "A" command tells iptables you are appending the rule to the end of the chain. If there is a previous rule that allows that traffic, this rule will be ignored. If you want to give this rule priority, try giving it the "I" command (for Insert).


Got there in the end

by j-mart In reply to Help with iptables

After an afternoon of research and reading, got it sorted.

1. If I inserted the desired iptables rule at the start of the chain rather than using the A option as you suggested, it blocked the site on the gateway machine.

2. Inserting this into the INPUT chain only blocked the gateway machine and not the rest of the machines on the private network. Inserting a rule into the FORWARD chain enabled blocking on the internal networked machines.

I'm not completely certain, but I think the -d option enables me to block a particular machine on the internal network. I would need to play around with this to see how it works.

Thanks for getting me started in the right direction to get this working.
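The two findings in this thread (a DROP appended after an earlier ACCEPT never fires, and INPUT only covers traffic addressed to the gateway itself while forwarded LAN traffic traverses FORWARD) come down to how iptables walks a chain: rules are tried in order, the first one with a terminating target decides, and the chain policy applies only if nothing matched. The model below is an added example written for this thread, not code from the posters or from iptables; it reproduces just that first-match behaviour and the INPUT/OUTPUT/FORWARD chain selection. All addresses are constructed placeholders from documentation ranges, and NAT and connection tracking are deliberately left out.

```python
"""Minimal first-match model of iptables chain traversal (added example).

It exists only to show why `-A` after an ACCEPT rule has no effect, why
`-I` does, and why a LAN client's traffic never sees the INPUT chain.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed addresses (RFC 5737 documentation ranges), not real hosts.
GATEWAY_WAN = "203.0.113.2"
GATEWAY_LAN = "192.168.1.1"
LAN_CLIENT = "192.168.1.10"
VIDEO_SITE = "198.51.100.7"     # stand-in for the site being blocked
LOCAL_ADDRS = {GATEWAY_WAN, GATEWAY_LAN}


@dataclass
class Rule:
    """One filter rule: optional -s / -d / conntrack state, plus -j target."""
    target: str
    src: Optional[str] = None
    dst: Optional[str] = None
    state: Optional[str] = None

    def matches(self, pkt: Dict[str, str]) -> bool:
        return ((self.src is None or self.src == pkt["src"])
                and (self.dst is None or self.dst == pkt["dst"])
                and (self.state is None or self.state == pkt["state"]))


class Firewall:
    """The three built-in filter chains, each with an ACCEPT policy."""

    def __init__(self) -> None:
        self.chains: Dict[str, List[Rule]] = {"INPUT": [], "FORWARD": [], "OUTPUT": []}
        self.policy = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"}

    def append(self, chain: str, rule: Rule) -> None:   # iptables -A CHAIN ...
        self.chains[chain].append(rule)

    def insert(self, chain: str, rule: Rule) -> None:   # iptables -I CHAIN ...
        self.chains[chain].insert(0, rule)

    @staticmethod
    def chain_for(pkt: Dict[str, str]) -> str:
        """Routing decision: local origin -> OUTPUT, local dest -> INPUT, else FORWARD."""
        if pkt["src"] in LOCAL_ADDRS:
            return "OUTPUT"
        if pkt["dst"] in LOCAL_ADDRS:
            return "INPUT"
        return "FORWARD"

    def verdict(self, pkt: Dict[str, str]) -> str:
        """First matching rule wins; chain policy if none matched."""
        chain = self.chain_for(pkt)
        for rule in self.chains[chain]:
            if rule.matches(pkt):
                return rule.target
        return self.policy[chain]


def reply_to_gateway() -> Dict[str, str]:
    return {"src": VIDEO_SITE, "dst": GATEWAY_WAN, "state": "ESTABLISHED"}


def lan_request() -> Dict[str, str]:
    return {"src": LAN_CLIENT, "dst": VIDEO_SITE, "state": "NEW"}


def appended_after_accept() -> str:
    """The original attempt: -A INPUT -s SITE -j DROP behind an ESTABLISHED ACCEPT."""
    fw = Firewall()
    fw.append("INPUT", Rule("ACCEPT", state="ESTABLISHED"))
    fw.append("INPUT", Rule("DROP", src=VIDEO_SITE))
    return fw.verdict(reply_to_gateway())          # ACCEPT: earlier rule wins


def inserted_at_top() -> str:
    """Same rule with -I: it is consulted before the ACCEPT."""
    fw = Firewall()
    fw.append("INPUT", Rule("ACCEPT", state="ESTABLISHED"))
    fw.insert("INPUT", Rule("DROP", src=VIDEO_SITE))
    return fw.verdict(reply_to_gateway())          # DROP


def lan_client_with_input_rule() -> str:
    """A LAN client's packet is routed through, so INPUT is never consulted."""
    fw = Firewall()
    fw.insert("INPUT", Rule("DROP", dst=VIDEO_SITE))
    return fw.verdict(lan_request())               # ACCEPT via FORWARD policy


def lan_client_with_forward_rule() -> str:
    """-I FORWARD -d SITE -j DROP stops the outbound request itself."""
    fw = Firewall()
    fw.insert("FORWARD", Rule("DROP", dst=VIDEO_SITE))
    return fw.verdict(lan_request())               # DROP


if __name__ == "__main__":
    for fn in (appended_after_accept, inserted_at_top,
               lan_client_with_input_rule, lan_client_with_forward_rule):
        print(f"{fn.__name__:32s} -> {fn()}")
```

On a real gateway the equivalent check is to list the chain with rule numbers and packet counters, for example `iptables -L FORWARD -n -v --line-numbers`: a DROP rule that sits below an ACCEPT and whose counters never move is the same situation as `appended_after_accept` above.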
