This might be a stupid question...
Fri, 15 Mar 2002 15:52:14 +0100
Ted Fines wrote:
> The OUTPUT chain only deals with packets originating from the firewall
> itself. Your rule is fine, but you want to add it to the FORWARD chain
> instead, which deals with packets going to/from your network to/from the
> iptables -A FORWARD -o ppp0 -d 220.127.116.11 -j DROP
Wouldn't this be better, assuming that it's only http traffic to block?
iptables -A FORWARD -p tcp -o ppp0 -d 18.104.22.168 --dport 80 -j REJECT
With DROP, the client tries several times to connect and then times out.
With reject, he feels as if 22.214.171.124's http server was down and gives