I have a Linux box used as a NAT server and firewall. All requests on its port 80 are forwarded to a local webserver inside my network. I want to block access to all services including http from a specific external host.

I'm using the following rule to block the host

    iptables -A INPUT -i $extint -s $hostip -j DROP

and this one to do the NAT

    iptables -t nat -A PREROUTING -p tcp --dport 80 -d $extip -j DNAT --to $webserverip:80

The problem is that the host is blocked from accessing all services but http. I've already checked if there are any rules before that ACCEPT the request.

It seems that prerouted packets are bypassing the INPUT chain. Is it correct? If not, what am I doing wrong?

TIA

Carlos Façanha
carlos.facanha@uol.com.br
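
Added example, not part of the original post: a simplified Python model of the netfilter packet path, in which a packet rewritten by DNAT in nat PREROUTING to another host is routed through the filter FORWARD chain rather than INPUT. The addresses, the port 22 probe, and the default ACCEPT policy are assumptions standing in for the poster's variables and setup.

```python
# Simplified model of the netfilter path for a packet arriving on the external
# interface: nat PREROUTING (DNAT) -> routing decision -> filter INPUT or FORWARD.
# All addresses are constructed sample values standing in for $extip,
# $webserverip and $hostip from the post.
EXT_IP = "203.0.113.1"      # $extip (firewall's external address)
WEB_IP = "192.168.1.10"     # $webserverip
BAD_HOST = "198.51.100.7"   # $hostip
LOCAL_ADDRS = {EXT_IP}      # addresses owned by the firewall itself

# iptables -t nat -A PREROUTING -p tcp --dport 80 -d $extip -j DNAT --to $webserverip:80
NAT_PREROUTING = [{"dst": EXT_IP, "dport": 80, "to": (WEB_IP, 80)}]

def traverse(pkt, filter_rules):
    """Return (filter chain consulted, verdict) for a packet dict."""
    pkt = dict(pkt)
    for r in NAT_PREROUTING:                      # DNAT happens before routing
        if pkt["dst"] == r["dst"] and pkt["dport"] == r["dport"]:
            pkt["dst"], pkt["dport"] = r["to"]
            break
    # The routing decision uses the (possibly rewritten) destination.
    chain = "INPUT" if pkt["dst"] in LOCAL_ADDRS else "FORWARD"
    for r in filter_rules.get(chain, []):
        if r["src"] == pkt["src"]:
            return chain, r["target"]
    return chain, "ACCEPT"                        # assumed default policy

# Rule set from the post: the DROP exists only in INPUT.
ORIGINAL = {"INPUT": [{"src": BAD_HOST, "target": "DROP"}]}
# Same match also appended to FORWARD:
#   iptables -A FORWARD -i $extint -s $hostip -j DROP
WITH_FORWARD = {**ORIGINAL, "FORWARD": [{"src": BAD_HOST, "target": "DROP"}]}

def report():
    http = {"src": BAD_HOST, "dst": EXT_IP, "dport": 80}
    ssh = {"src": BAD_HOST, "dst": EXT_IP, "dport": 22}   # sample local service
    return {
        "original_http": traverse(http, ORIGINAL),
        "original_ssh": traverse(ssh, ORIGINAL),
        "fixed_http": traverse(http, WITH_FORWARD),
        "fixed_ssh": traverse(ssh, WITH_FORWARD),
    }

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

On a real firewall, `iptables -L FORWARD -v -n` shows per-rule packet counters, which confirm whether the forwarded port 80 traffic is hitting the added rule.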