On Fri, 1 Jun 2018, 14:47 siefke_listen@xxxxxx, <siefke_listen@xxxxxx> wrote: > Hello, > > I want use ad blocking with iptables so I found ipset which make life > easier. My question is how it work with Output format? > > iptables -I OUTPUT -m set --match-set adblock src -j REJECT will this work? I be not really sure and most what found > about ipset is input. > > Thanks for help > Silvio > Since you want to block the destination IP, not the source IP, you should use: -A OUTPUT -m set --match-set adblock dst -j REJECT I usually also add "--reject-with icmp-host-prohibited", that makes the detection of the blocked host easier: -A OUTPUT -m set --match-set adblock dst -j REJECT --reject-with icmp-host-prohibited >
