try this...

$IPTABLES -A INPUT -p tcp -s x.x.x.x/y.y.y.y -m tcp --dport zz -j REJECT

x.x.x.x  ip address or net address
y.y.y.y  subnet mask (optional)
zz       port (smtp = 25)

hey,

why not do an

iptables-save >/etc/sysconfig/iptables

edit the file, and let the scripts restore it for you with an

iptables-restore </etc/sysconfig/iptables

also, please visit www.netfilter.org and read more docs about this
filtering suite in the linux kernel.

good luck!

-adrian

Quoting Ina Patricia Lopez <[EMAIL PROTECTED]>:

> i can't seem to make it work.
> while i enjoy full internet access through iptables with masq, i want
> to block some destination ip addresses and ports. how do i do that with
> iptables?
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> $IPTABLES -v -A INPUT -i eth0 -s x.x.x.x -j DROP
> $IPTABLES -v -A INPUT -i eth0 -j LOG --log-level 6
> $IPTABLES -v -A INPUT -i lo -j ACCEPT
> $IPTABLES -v -A INPUT -i eth0 -j ACCEPT
> $IPTABLES -v -t nat -A POSTROUTING -o eth0 -j MASQUERADE

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
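
An added example, not part of the original messages: a shell function that writes a ruleset in the format iptables-save produces, for the edit-and-restore workflow suggested above. It assumes the addresses to block are destinations reached by masqueraded clients, whose routed packets traverse the FORWARD chain rather than INPUT; the name gen_ruleset, the block-list format and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample block list: "dest[/mask]" or "dest[/mask]:tcp-port".
# 192.0.2.0/24 and 198.51.100.7 are documentation addresses.
BLOCKLIST="192.0.2.0/24 198.51.100.7:25"

# Emit an iptables-restore ruleset on stdout.
# $1 = outbound (masqueraded) interface, $2 = space-separated block list.
# Returns 1 and prints nothing on stdout if any entry is malformed.
gen_ruleset() {
    wan=$1
    rules=
    for entry in $2; do
        dest=${entry%%:*}
        port=
        case $entry in *:*) port=${entry##*:} ;; esac
        # Accept only digits, dots and an optional /mask in the destination.
        case "$dest" in
            ""|*[!0-9./]*) echo "bad destination: $entry" >&2; return 1 ;;
        esac
        # Accept only a numeric TCP port.
        case "$port" in
            *[!0-9]*) echo "bad port: $entry" >&2; return 1 ;;
        esac
        # Routed client traffic is matched in FORWARD by destination (-d).
        if [ -n "$port" ]; then
            rule="-A FORWARD -o $wan -d $dest -p tcp -m tcp --dport $port -j REJECT"
        else
            rule="-A FORWARD -o $wan -d $dest -j REJECT"
        fi
        rules="$rules$rule
"
    done
    printf '%s\n' "*filter" ":INPUT ACCEPT [0:0]" \
        ":FORWARD ACCEPT [0:0]" ":OUTPUT ACCEPT [0:0]"
    printf '%s' "$rules"
    printf '%s\n' "COMMIT" "*nat" ":PREROUTING ACCEPT [0:0]" \
        ":POSTROUTING ACCEPT [0:0]" ":OUTPUT ACCEPT [0:0]" \
        "-A POSTROUTING -o $wan -j MASQUERADE" "COMMIT"
}

gen_ruleset eth0 "$BLOCKLIST"
```

Redirect the output to a file and check it with iptables-restore --test before loading it, since a ruleset that fails to parse is not applied.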
