I'm trying to create an ipchains rule which will take any output from localhost - SAMBA port 139 (for instance) that's going to eth0 and DROP it.

So far, every attempt I've made to write a rule to do that has failed, it doesn't show up when I do:
# ipchains -vnL

Here are examples of what I tried that failed:

iptables -A OUTPUT -o eth0 -p tcp --sport 901 --syn -j DROP
iptables -A OUTPUT -o eth0 -p udp --sport 901 -j DROP


The input from eth0 to port 901 drop command works fine:

iptables -A INPUT -i eth0 -p tcp --dport 901 -j DROP


thanks

the "-i" does not stand for input it's "interface". change the "-o" to a "-i"

/sbin/iptables -A OUTPUT -o eth0 -p tcp --sport 901 --syn -j DROP
change to:
/sbin/iptables -A OUTPUT -i eth0 -p tcp --sport 901 --syn -j DROP

I'll give it a try - thanks

iptables v1.3.8: Can't use -i with OUTPUT

looks like the command was right to begin with (a look at the ipchains man file says -o is out interface, -i is input interface


Chain OUTPUT (policy ACCEPT 3 packets, 211 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:901
0 0 DROP tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:901 flags:0x17/0x02
0 0 DROP tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:137
0 0 DROP udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:137

with the matching rules:

iptables -A OUTPUT -o eth0 -p udp --sport 901 -j DROP
iptables -A OUTPUT -o eth0 -p tcp --sport 901 --syn -j DROP
iptables -A OUTPUT -o eth0 -p tcp --sport 137 -j DROP
iptables -A OUTPUT -o eth0 -p udp --sport 137 -j DROP


The problems appears to be that it didn't like where I put the second batch of drop rules at the end, and then, for some reason, ipchains either REALLY doesn't like:
-p all
or I somehow failed to use it properly.

Thanks anyway, you got me on what I think is the right track. I've made more progress in the last few minutes than I've made in the last few days.