hello everyone
i am using open suse 11 and i installed IPTABLES i want to right IPTABLES instructions that block any web site

i tried this but it doesnt work

iptables -A INPUT -i eth0 -s 69.49.140.245 -j DROP

Did you check first that you weren't fighting with the SuSEFirewall2 system, which has been known to override hand-amended firewall rulesets? In effect, do you know that the ruleset was what you expected before you changed it and that your change was made?

Secondly, you are not behind a router (anything that is, in effect, a router, whether it says that on the box or not, e.g., some of the ADSL modems are in efect routers)?

If those are both ok, it would be a lot easier if we could see more of your ruleset than this as something else may be coming into play.

Additionally, note that this will only work with nominated ip addresses and if the web site uses more than one or it changes, that will be problematic. As it will be if the web site changes ip address, of course.

Look in /etc/sysconfig/SuSEfirewall2. You can enter the name of a file with your own rules to add.

You might want to block outbound traffic instead of INPUT to block contacting a the website.

Part of the reason your rule didn't work is because it is located after a rule that accepted the traffic.
Use the OUTPUT or INPUT filter to only list the table you need and insert the rule where it needs to be.
If your test iptables command works, then edit /etc/sysconfig/SuSEfirewall2 and /etc/sysconfig/scripts/SuSEfirewall2-custom so that your rule is run when the firewall service starts.

Because the OUTPUT table is probably not used much, you could create a startup script in /etc/rc.d/ that runs after the SuSEfirewall2 service and inserts a rule before the others in the OUTPUT table. If you use -I instead of -A to insert the rule instead of -A (adding) the rule your iptables command would probably work.

ok guys thanks for the help

the rule that block the IP address it works and it added to the firewall rules BUT the problem is i am surfing on the internet using proxy so how can i do that
like even if the iptables block the IP address my PC doesnt really connect to that ip cuz it connects to the proxy server then

Applying iptables firewall rules: Bad argument `any'
Error occured at line: 12
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Is this supposed in some way to be relevant (and are you a sock puppet?) to the original problem or is it a new problem which is only related to the original problem in that it also concerns iptables?

If this is a new problem (and then a new thread probably would have been a better choice) the information that you give is that you have an error in line 12, but you don't give any details of what might be in line 12 or any context so that someone can see what line 12 should be doing. This does not seem like an action likely to lead to anyone knowing enough about your circumstances to offer you much help.

I shouldn't do this from memory, but offhand I can't think of many (any?) iptables commands where 'any' is a vaid argument, so that could be your problem. but you will have looked at that when you saw the error message, won't you? It is unknown to me what kind of outcome you hope for from posting this fragment.