Mailing List Archive

trying to block an internal ip
--
I have been trying to block all traffic from an internal IP address, and packets are still going out (seen with tcpdump). I don't see any traffic coming in for that IP. Here are the rules I have put in place.

/sbin/iptables -A INPUT -i $CLEANIF1 -s 192.168.31.208 -j DROP
/sbin/iptables -A INPUT -i $CLEANIF1 -d 192.168.31.208 -j DROP

I thought this would shut down 192.168.31.208; however, that is not the case. Any advice would be appreciated.
Re: trying to block an internal ip
Hello Blake,

Packets are put into the INPUT chain when they are destined to the filtering
machine itself.
Packets are put into the OUTPUT chain when they are originated from the
filtering machine itself.
Packets are put into the FORWARD chain when they are in transit through the
filtering machine.

So, if you need to block pass-through traffic from 192.168.31.208 and your
incoming (internal) interface is $CLEANIF1, then you have to specify
/sbin/iptables -A FORWARD -i $CLEANIF1 -s 192.168.31.208 -j DROP

Moreover, be sure that you do not have an ACCEPT rule above it in your list that
matches this source and this incoming interface as well.

Check the "order of going through tables and chains" in the iptables tutorial.

regards,
Nikolay
e-mail: n_kanivets@futureservice.ru

----- Original Message -----
From: "Blake Patton" <pattonb@network1.ca>
To: <netfilter@lists.netfilter.org>
Sent: Monday, August 13, 2007 7:15 AM
Subject: trying to block an internal ip


>
> --
> I have been trying to block all traffic from an internal IP address, and
packets are still going out (seen with tcpdump). I don't see any traffic
coming in for that IP. Here are the rules I have put in place.
>
> /sbin/iptables -A INPUT -i $CLEANIF1 -s 192.168.31.208 -j DROP
> /sbin/iptables -A INPUT -i $CLEANIF1 -d 192.168.31.208 -j DROP
>
> I thought this would shut down 192.168.31.208; however, that is not the
case. Any advice would be appreciated.
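The chain selection Nikolay describes, together with the first-match ordering he warns about, modelled as a small POSIX shell script. This is an added example, not code from the thread or from netfilter: the firewall addresses, the interface name and the three rule sets are constructed sample data, and iptables itself is never invoked. The script classifies a packet into INPUT, OUTPUT or FORWARD from whether its source or destination is one of the filtering machine's own addresses, walks a rule list the way a chain does (first match wins, otherwise the chain policy applies), and shows why Blake's INPUT rules never see a transit packet and why an earlier broad ACCEPT shadows a later DROP. The emitted fix uses -I (insert at the head of the chain) rather than -A, which is one way to make sure the DROP is evaluated before any existing ACCEPT.

```shell
#!/bin/sh
# Added example (not from the thread): a model of netfilter chain selection
# and first-match rule evaluation. All addresses, interfaces and rule sets
# below are constructed; nothing here touches the real iptables.

LOCAL_ADDRS="192.168.31.1 203.0.113.10"   # constructed: the filtering box's own IPs
CLEANIF1=eth1                              # constructed: internal interface name
DEFAULT_POLICY=ACCEPT                      # constructed: chain policy when nothing matches

# is_local ADDR -> succeeds when ADDR belongs to the filtering machine itself
is_local() {
    for a in $LOCAL_ADDRS; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# chain_for SRC DST -> prints the chain the packet traverses:
#   to the box      -> INPUT
#   from the box    -> OUTPUT
#   anything else   -> FORWARD (transit)
chain_for() {
    if is_local "$2"; then echo INPUT
    elif is_local "$1"; then echo OUTPUT
    else echo FORWARD
    fi
}

# Rule sets, one rule per line: "CHAIN IN_IFACE SRC DST TARGET" ("-" = any).
# Blake's original rules: they sit in INPUT, so transit packets never hit them.
RULES_ORIGINAL='INPUT eth1 192.168.31.208 - DROP
INPUT eth1 - 192.168.31.208 DROP'
# The DROP is in FORWARD but appended below a broad ACCEPT, so it is shadowed.
RULES_SHADOWED='FORWARD eth1 - - ACCEPT
FORWARD eth1 192.168.31.208 - DROP'
# The DROP is inserted ahead of the ACCEPT and is evaluated first.
RULES_FIXED='FORWARD eth1 192.168.31.208 - DROP
FORWARD eth1 - - ACCEPT'

# verdict RULES IN_IFACE SRC DST -> prints the target applied to the packet,
# walking only the rules of the chain the packet is in, first match wins.
verdict() {
    rules=$1; iif=$2; src=$3; dst=$4
    chain=$(chain_for "$src" "$dst")
    result=$(printf '%s\n' "$rules" | while read -r rchain riif rsrc rdst rtarget; do
        [ "$rchain" = "$chain" ] || continue
        [ "$riif" = "-" ] || [ "$riif" = "$iif" ] || continue
        [ "$rsrc" = "-" ] || [ "$rsrc" = "$src" ] || continue
        [ "$rdst" = "-" ] || [ "$rdst" = "$dst" ] || continue
        echo "$rtarget"; break
    done)
    echo "${result:-$DEFAULT_POLICY}"
}

# block_host_rules IFACE ADDR -> prints the commands that block ADDR both in
# transit (FORWARD) and when it talks to the firewall itself (INPUT).
# -I puts each rule at the head of its chain so no earlier ACCEPT shadows it.
block_host_rules() {
    printf '/sbin/iptables -I FORWARD -i %s -s %s -j DROP\n' "$1" "$2"
    printf '/sbin/iptables -I INPUT -i %s -s %s -j DROP\n' "$1" "$2"
}

# Demonstration: a transit packet from the host to an outside address.
echo "transit packet goes through chain: $(chain_for 192.168.31.208 198.51.100.7)"
echo "original INPUT rules give:        $(verdict "$RULES_ORIGINAL" "$CLEANIF1" 192.168.31.208 198.51.100.7)"
echo "FORWARD DROP below an ACCEPT:     $(verdict "$RULES_SHADOWED" "$CLEANIF1" 192.168.31.208 198.51.100.7)"
echo "FORWARD DROP inserted first:      $(verdict "$RULES_FIXED" "$CLEANIF1" 192.168.31.208 198.51.100.7)"
echo "rules to apply:"
block_host_rules "$CLEANIF1" 192.168.31.208
```

Run it as-is to see the three verdicts side by side; on the real box, `iptables -L FORWARD -v -n --line-numbers` shows the actual rule order and the per-rule packet counters, which is the quickest way to confirm whether the DROP is ever reached.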