never used iptables before, start trying out.

-------------------------
Have two computer on a network with IP (192.168.0.12 and 192.168.0.44) respectively

on the 192.168.0.12 computer I input:
iptables -A FORWARD -i ethx -s 192.168.0.44 -j REJECT

why can computer with 192.168.0.44 still ping 192.168.0.12?
-------------------------------------------------------------------------------

If that truely is an "x" in your IPTABLES line, then you've just shot yourself in the foot. Make sure it is set to eth0 or eth1 respectfully.

If it is set to the number, then I think you want to change REJECT to DROP. Not entirely sure on that, but I was thinking REJECT isn't a legit statement, meaning that it works but wasn't syntackfully correct.

Someone will likely set me either correct or wrong on the reject thing.

surely it must ping
u must prefer one of the followings to block packets which come from 192.168.0.44 on computer with 192.168.0.12 ip.
iptables -A INPUT -s 192.168.0.44 -j DROP
or
iptables -A INPUT -s 192.168.0.44 -j REJECT

try this if you only wana block ping .12 from .44


iptables -A INPUT -p icmp -s 192.168.0.44 -j REJECT


if you want to block everything from .44 then tries this

iptables -A FORWARD -s 192.168.0.44 -j DROP



regards

what's the different between input chain and forward chain?

Since your blocking from .44 shouldn't it be "iptables -A INPUT -s 192.168.0.44 -j DROP" ?

Your incoming packets destined to your computer are checked against the rules in the INPUT chain. But FORWARD chain is for packets that comes to your computer but not destined to your computer; ie. willing to be forwarded. For example in a gateway computer; FORWARD chain can be used to control incoming/outgoing traffic. And yes, it should be INPUT chain in the example mardanian gave. Packets that related with forwarding goes _only_ through FORWARD chain, not both FORWARD and INPUT chains.

If you want to learn more about iptables, then please read this nice tutorial

http://iptables-tutorial.frozentux.n...-tutorial.html

I was hoping there is a iptables tutorial for dummy

what does it mean by masquerade, ip contrack, mangle packet, TOS

I also saw Prerouting and Postrouting chains, can those be viewed? When I type iptables -L I only saw 3

iptables -nvL
iptables -t nat -nvL
iptables -t mangle -nvL

Masquerading is letting the internal network computers access to internet via a gateway that has a dynamic ip address. When an internal computer requests some data from the Internet; gateway changes the source address and do the request as it's coming from him and do the reverse when the reply come back.

conntrack is a iptables module that is used for doing connection tracking. Connection tracking is tracking a packet's connection that it is coming for or going out. For example you can block all SSH traffic or block SSH traffic that isn't belonging to an already established connection. Latter can be done by conntrack

packet mangling is a general term and means altering packet data. For example, when doing source nat and destination nat we alter the packets headers.

I know TOS as Type of Service, but i am not sure.

this page links to some good scripts you can learn from, as well as faqs and howtos:

http://www.linuxguruz.com/iptables/