Tin wrote:
> I am using these rules to block this host:
>
> iptables -A INPUT -s 202.96.170.189 -j DROP
> iptables -A OUTPUT -d 202.96.170.189 -j DROP
> iptables -A FORWARD -s 202.96.170.189 -j DROP
>
> My NAT script:
>
> iptables -A FORWARD -o $EXTERNAL_INTERFACE \
>     -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> iptables -A FORWARD -o $INTERNAL_INTERFACE \
>     -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> iptables -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp \
>     --sport $UNPRIVPORTS -d 10.0.0.2 --dport 80 \
Check the sequence of your rules. If these rules come before the DROP rules when you do iptables -nvL, then they are accepting the packets before they make it to the DROP rule.

bryan

--
"A computer lets you make mistakes faster than any other invention, with the possible exception of handguns and Tequila." -- Mitch Ratcliffe
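To make the ordering point concrete, here is an added example (not from either poster) that simulates first-match evaluation of the quoted FORWARD chain. It models only the match options the quoted rules use; the interface names eth0/eth1 and the packet samples are constructed assumptions, and the truncated port-80 rule is left out because its target is not on the page.

```python
"""Added example: a minimal first-match simulator for an iptables FORWARD chain.
It shows why appending (-A) the DROP rule after the ACCEPT rules lets established
traffic from the blocked host through, while inserting it first (-I) does not.
Interface names, the 10.0.0.2 client and the packets below are constructed."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

EXTERNAL_INTERFACE = "eth0"   # assumed value of $EXTERNAL_INTERFACE
INTERNAL_INTERFACE = "eth1"   # assumed value of $INTERNAL_INTERFACE
BLOCKED_HOST = "202.96.170.189"


@dataclass(frozen=True)
class Rule:
    target: str                                  # -j ACCEPT / DROP
    src: Optional[str] = None                    # -s
    dst: Optional[str] = None                    # -d
    in_if: Optional[str] = None                  # -i
    out_if: Optional[str] = None                 # -o
    states: Optional[FrozenSet[str]] = None      # -m state --state

    def matches(self, pkt: dict) -> bool:
        # Every option given on the rule must match; omitted options match anything.
        checks = (
            (self.src, pkt["src"]),
            (self.dst, pkt["dst"]),
            (self.in_if, pkt["in_if"]),
            (self.out_if, pkt["out_if"]),
        )
        if any(want is not None and want != got for want, got in checks):
            return False
        return self.states is None or pkt["state"] in self.states


def evaluate(chain: List[Rule], pkt: dict, policy: str = "ACCEPT") -> Tuple[str, Optional[int]]:
    """Walk the chain top to bottom as netfilter does; the first matching rule decides."""
    for idx, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.target, idx
    return policy, None   # nothing matched, the chain policy applies


ACCEPT_NAT = [
    # iptables -A FORWARD -o $EXTERNAL_INTERFACE -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    Rule("ACCEPT", out_if=EXTERNAL_INTERFACE, states=frozenset({"NEW", "ESTABLISHED", "RELATED"})),
    # iptables -A FORWARD -o $INTERNAL_INTERFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
    Rule("ACCEPT", out_if=INTERNAL_INTERFACE, states=frozenset({"ESTABLISHED", "RELATED"})),
]
# iptables -A FORWARD -s 202.96.170.189 -j DROP
DROP_BLOCKED = Rule("DROP", src=BLOCKED_HOST)

# Constructed packets as they enter FORWARD: a reply on an existing connection
# from the blocked host, and a brand-new connection attempt from it.
REPLY_FROM_BLOCKED = {"src": BLOCKED_HOST, "dst": "10.0.0.2", "in_if": EXTERNAL_INTERFACE,
                      "out_if": INTERNAL_INTERFACE, "state": "ESTABLISHED"}
NEW_FROM_BLOCKED = dict(REPLY_FROM_BLOCKED, state="NEW")


def chain_with_append() -> List[Rule]:
    """-A appends, so the DROP rule ends up below the ACCEPT rules."""
    return ACCEPT_NAT + [DROP_BLOCKED]


def chain_with_insert() -> List[Rule]:
    """-I (no position) inserts at rule 1, so the DROP rule is checked first."""
    return [DROP_BLOCKED] + ACCEPT_NAT


if __name__ == "__main__":
    for label, chain in (("-A append", chain_with_append()), ("-I insert", chain_with_insert())):
        for name, pkt in (("ESTABLISHED reply", REPLY_FROM_BLOCKED), ("NEW connection", NEW_FROM_BLOCKED)):
            verdict, idx = evaluate(chain, pkt)
            where = f"rule #{idx + 1}" if idx is not None else "chain policy"
            print(f"{label}: {name} from {BLOCKED_HOST} -> {verdict} ({where})")
```

With the rules appended in Tin's order, the ESTABLISHED reply is accepted by rule 2 before the DROP rule is ever consulted, while a NEW packet from the host falls through to the DROP; with the DROP inserted at the top both are dropped. Running iptables -nvL and checking the hit counters on each rule tells you which rule is actually taking the traffic.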