RV: This might be a stupid question...
Daniel Elías Robles
d.robles@codetel.net.do
Thu, 14 Mar 2002 18:08:43 -0500
----- Original Message -----
From: Daniel Elías Robles
To: sniper@wpi.edu
Sent: Thursday, March 14, 2002 5:56 PM
Subject: RE: This might be a stupid question...

The OUTPUT rules are for packets originating in your firewall box, so this rule you told us about does not work as you expect.

In order to avoid that you need to set a rule like this:

iptables -I FORWARD -d 63.211.210.20 -i internal_interface -j DROP

This way packets traversing the kernel to a different destination will be dropped the first moment they are checked.

You need to take care with the order in which you place the rules in your script; that is why I inserted the rule, so it is the first rule checked in the FORWARD chain.

Hope this helps.

Daniel

----- Original Message -----
From: Ryan Clarke
To: netfilter@lists.samba.org
Sent: Thursday, March 14, 2002 2:37 PM
Subject: This might be a stupid question...

Alright guys, this might be a stupid question.

I just transitioned from IPCHAINS to IPTABLES and I'm trying to ban the computers in my network from reaching a webpage (ads.x10.com....the hated X10 ads!). The command I'm trying to use is as follows:

iptables -A OUTPUT -o ppp0 -d 63.211.210.20 -j DROP

It executes fine, HOWEVER I can still get to that webpage. Any help?

Thanks a lot.

Ryan Clarke
sniper@wpi.edu
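
An added example (not part of either message): a small Python model of the filter table's chain selection and first-match ordering, showing why the OUTPUT rule never sees LAN traffic and why the FORWARD rule is inserted rather than appended. The interface name eth0, the address 192.168.1.1 and the pre-existing ACCEPT rule are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

FIREWALL_ADDRS = {ip_address("192.168.1.1")}  # constructed LAN address of the firewall box
BLOCKED = "63.211.210.20"                     # destination from the thread

@dataclass
class Rule:
    target: str                     # "ACCEPT" or "DROP"
    dst: Optional[str] = None       # -d
    in_if: Optional[str] = None     # -i
    out_if: Optional[str] = None    # -o

@dataclass
class Packet:
    dst: str
    in_if: Optional[str]            # None = generated on the firewall itself
    out_if: Optional[str]

def chain_for(pkt):
    """Routing decision: which filter chain sees this packet."""
    if pkt.in_if is None:
        return "OUTPUT"
    return "INPUT" if ip_address(pkt.dst) in FIREWALL_ADDRS else "FORWARD"

def verdict(chains, pkt, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies."""
    for r in chains[chain_for(pkt)]:
        if all(want in (None, got) for want, got in
               ((r.dst, pkt.dst), (r.in_if, pkt.in_if), (r.out_if, pkt.out_if))):
            return r.target
    return policy

def ruleset(output=(), forward=()):
    return {"INPUT": [], "OUTPUT": list(output), "FORWARD": list(forward)}

lan_pkt = Packet(BLOCKED, in_if="eth0", out_if="ppp0")   # from a LAN client (eth0 assumed)
local_pkt = Packet(BLOCKED, in_if=None, out_if="ppp0")   # from the firewall itself
accept_lan = Rule("ACCEPT", in_if="eth0")                # constructed pre-existing rule

# iptables -A OUTPUT -o ppp0 -d 63.211.210.20 -j DROP
original = ruleset(output=[Rule("DROP", dst=BLOCKED, out_if="ppp0")])
# Same FORWARD rule added with -A: it lands after the existing ACCEPT
appended = ruleset(forward=[accept_lan, Rule("DROP", dst=BLOCKED, in_if="eth0")])
# iptables -I FORWARD -d 63.211.210.20 -i eth0 -j DROP: it lands first
inserted = ruleset(forward=[Rule("DROP", dst=BLOCKED, in_if="eth0"), accept_lan])

if __name__ == "__main__":
    for name, rs in (("original", original), ("appended", appended), ("inserted", inserted)):
        print(name, "LAN:", verdict(rs, lan_pkt), "local:", verdict(rs, local_pkt))
```

On a live box, `iptables -L FORWARD -n -v --line-numbers` shows the rule's actual position and its packet counters, which confirms whether the DROP is being hit.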