The rule is in the wrong chain. The INPUT chain affects packets that
terminate at the same machine. You want to block packets that will be
passed on to the Internet, so your rule needs to be in the FORWARD chain.
(The OUTPUT chain affects packets that originate at your machine.)
Here's a nice collection of diagrams showing how packets flow through the
system:
<https://gist.github.com/nerdalert/a1687ae4da1cc44a437d>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
