Blocking selected clients with iptables

Stephen Smith scsmith1451 at
Fri Dec 30 20:24:01 MST 2005

Jason K Larson wrote:

> Stephen Smith wrote:
>> I'm running 192.168.1.x network at home where I have several 
>> computers. One is a Win98 box.  I would like to block it from access 
>> to the internet (no security), yet maintain its ability to talk to 
>> other computers and print servers on my internal network.  I'm using 
>> a separate RH9 box for my firewall with an address talking to 
>> my DSL Modem at, both hard coded.  I've been using gShield 
>> to configure my fw which has been rock solid for more than three 
>> years, however, it does not have any features that I recognize to 
>> block clients, only external hosts. So I've been trying to add rules 
>> to iptables directly to effect blockage.
>> I've tried -
>> iptables -A INPUT -s 192.168.1.x -d -j DROP
>> iptables -A INPUT -s 192.168.1.x -p ALL -d -j DROP
>> iptables -A INPUT -s 192.168.1.x -p tcp --dport 80 -j DROP
>> iptables -A INPUT -s 192.168.1.x -p tcp -m multiport --dports 
>> 80,8080,8008,443 -j DROP
>> and many variations of the above.  Yet none of them stop MSExplorer 
>> from accessing the net.  Not being a network guy but an Oracle guy, I 
>> need a bit of help to solve this problem.  Could someone out there 
>> help out a floundering DBA?
> Try such rules in POSTROUTING of the nat table, or in the OUTPUT or 
> FORWARD chains of the filter table.  Obviously these need to precede 
> any other rules that would move them to another chain or table as is 
> likely happening with your INPUT chain.
> I'd personally recommend POSTROUTING of the nat table.
> -- 
> Jason K Larson
> /*
> PLUG:, #utah on
> Unsubscribe:
> Don't fear the penguin.
> */
Thanks that worked.
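The FORWARD-chain variant of the fix, as an added example that is not part of the thread or of gShield: it shows why the original INPUT rules could never match and how to block one LAN host from the DSL link while leaving LAN traffic alone. The interface names (eth0 toward the modem, eth1 toward the LAN) and the client address 192.168.1.50 are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: the firewall's DSL side
# is eth0 and the host to cut off is 192.168.1.50 (constructed values).
WAN_IF=${WAN_IF:-eth0}
BLOCKED=${BLOCKED:-192.168.1.50}
# IPT=echo prints the commands instead of running them (dry run).
IPT=${IPT:-iptables}

# The -A INPUT attempts never matched because INPUT only sees packets
# addressed to the firewall itself. Traffic the firewall routes on behalf
# of a LAN host passes through FORWARD, so that is where it is stopped.
# Matching the outgoing interface (-o) confines the block to packets that
# would leave toward the modem; LAN-to-LAN traffic is switched and never
# reaches the firewall, so printers and file shares keep working.
block_client() {
    # -I FORWARD 1 puts the rules ahead of whatever gShield already accepts.
    # DROP is inserted first, then LOG at position 1, so LOG ends up before DROP.
    $IPT -I FORWARD 1 -s "$BLOCKED" -o "$WAN_IF" -j DROP
    $IPT -I FORWARD 1 -s "$BLOCKED" -o "$WAN_IF" -m limit --limit 5/min \
        -j LOG --log-prefix "lan-block: "
}

# Undo: delete the same rules by specification.
unblock_client() {
    $IPT -D FORWARD -s "$BLOCKED" -o "$WAN_IF" -m limit --limit 5/min \
        -j LOG --log-prefix "lan-block: "
    $IPT -D FORWARD -s "$BLOCKED" -o "$WAN_IF" -j DROP
}

# Show FORWARD with counters; the DROP rule's packet count should climb
# while the blocked box tries to reach the internet.
show_status() {
    $IPT -L FORWARD -n -v --line-numbers
}

case "${1:-}" in
    block)   block_client ;;
    unblock) unblock_client ;;
    status)  show_status ;;
esac
```

Run as root with `block`, `unblock` or `status`; `IPT=echo sh script.sh block` prints the rules without touching the firewall.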
