Quote:
Originally Posted by sudowtf
A good solution for not understanding iptables might be to use webmin to edit the iptables firewall. That's how I did it before (and still do sometimes). It will certainly help you get your head around the concept before actually editing the iptables config.
But to answer more directly, I believe you would add, for example:
Code:
-A INPUT -s 8.8.8.8 -j DROP
Or for a specific NIC, for example eth0:
Code:
-A INPUT -s 8.8.8.8 -i eth0 -j DROP
I'll attach a screenshot of the firewall section of webmin for adding a rule in case it helps.
Excuse me, in what section should I add this string? Should it look like:
*filter
-A INPUT -s 8.8.8.8 -i eth1 -j DROP
-A FORWARD -s 192.168.1.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -i eth1 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -d 192.168.1.20/32 -i eth1 -p tcp -m tcp --dport 3390 -j ACCEPT
COMMIT
*nat
-A PREROUTING -d 192.168.0.178/32 -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.10:3389
-A PREROUTING -d 192.168.0.178/32 -i eth1 -p tcp -m tcp --dport 3390 -j DNAT --to-destination 192.168.1.20:3390
-A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
COMMIT
And why is it INPUT, not OUTPUT? Because I need to block outgoing traffic to IP 8.8.8.8...
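
An added example, not part of the original posts: a simplified first-match model in Python of the posted *filter rules, showing which chain a packet to 8.8.8.8 traverses and why the position of a DROP rule matters. It ignores the *nat table; `LOCAL`, the sample packets, the two `DROPS` rules and the ACCEPT chain policy are assumptions made for illustration.

```python
import ipaddress

# First three *filter rules as posted in the thread (the --dport rules are left out).
POSTED = [
    "-A INPUT -s 8.8.8.8 -i eth1 -j DROP",
    "-A FORWARD -s 192.168.1.0/24 -i eth0 -o eth1 -j ACCEPT",
    "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT",
]
LOCAL = {"192.168.0.178"}  # assumption: router's own eth1 address (the -d in the PREROUTING rules)
FLAGS = {"-s": "src", "-d": "dst", "-i": "in", "-o": "out", "--state": "state", "-j": "target"}

def parse(line):
    """Turn one iptables-save rule line into a dict of the match fields used here."""
    tok = line.split()
    rule = {"chain": tok[1]}
    for flag, key in FLAGS.items():
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1]
    return rule

def chain_for(pkt):
    """Routing decision: to the box -> INPUT, from it -> OUTPUT, through it -> FORWARD."""
    if pkt["dst"] in LOCAL:
        return "INPUT"
    return "OUTPUT" if pkt["src"] in LOCAL else "FORWARD"

def matches(rule, pkt):
    """True when every address, interface and state condition of the rule fits the packet."""
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(rule[key], strict=False):
            return False
    if any(key in rule and rule[key] != pkt.get(key) for key in ("in", "out")):
        return False
    return "state" not in rule or pkt.get("state", "NEW") in rule["state"].split(",")

def verdict(lines, pkt, policy="ACCEPT"):
    """First matching rule in the packet's chain wins; otherwise the chain policy (assumed ACCEPT)."""
    chain = chain_for(pkt)
    for rule in map(parse, lines):
        if rule["chain"] == chain and matches(rule, pkt):
            return chain, rule["target"]
    return chain, policy

# Constructed sample packets: a LAN client and the router itself, both sending to 8.8.8.8.
LAN_TO_DNS = {"src": "192.168.1.10", "dst": "8.8.8.8", "in": "eth0", "out": "eth1"}
ROUTER_TO_DNS = {"src": "192.168.0.178", "dst": "8.8.8.8", "out": "eth1"}
DROPS = ["-A OUTPUT -d 8.8.8.8 -j DROP", "-A FORWARD -d 8.8.8.8 -j DROP"]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("drops last", POSTED + DROPS), ("drops first", DROPS + POSTED)):
        print(name, verdict(rules, LAN_TO_DNS), verdict(rules, ROUTER_TO_DNS))
```

In this model the posted INPUT rule only affects packets from 8.8.8.8 addressed to the router itself, and a FORWARD drop placed after the LAN ACCEPT rule is never reached.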