That is a bit vague... for instance, if the clients' gateways are other boxes/routers/firewalls, and your attacked client is on the same LAN as the attackers, then your little firewall will do little to filter those packets.

What's your infrastructure? In other words, does your 'attacked' client reside on a separate NIC off the little firewall and you are forwarding to it? If so, you need to filter on the FORWARD chain, etc.

To make a sound and viable isolated network off of a firewall, it should reside on its own NIC and the firewall will filter packets as they get passed from NIC to NIC or network to network.

Check out the iptables tutorial for more info:
http://iptables-tutorial.haringstad.com/iptables-tutorial.html

> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of
> Ralph Churchill
> Sent: Thursday, January 23, 2003 3:03 PM
> To: netfilter@lists.netfilter.org
> Subject: simply confusing
>
>
> I work at a large company and was having some fellow
> employees regularly scanning my box... so I put up a
> little firewall. Here's my one and only rule:
>
> iptables -A INPUT --source 192.168.0.0/16 -j DROP
>
> Now, shouldn't that block any and ALL traffic from any
> computer on the 192.168.*.* subnet? Do I need to be
> more explicit? I also have snort running and I see
> some stuff getting through... Thanks.
>
> RMC
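As an added example (not from either poster), here is a ruleset for the two-NIC layout the reply describes: the firewall box sits between the office LAN and a dedicated NIC for the protected client, and the same source filter that the original post put on INPUT is repeated on FORWARD, because forwarded packets never traverse INPUT. The interface names eth0/eth1, the protected subnet 10.0.0.0/24 and the `count_block_rules` helper are assumptions for illustration; 192.168.0.0/16 is the range from the original post. The script only generates the ruleset in iptables-restore format unless it is run with the argument `apply`.

```shell
#!/bin/sh
# Added example for a two-NIC firewall; not code from the original thread.
LAN_IF="eth0"               # assumed: NIC on the office LAN where the scanners live
PROTECTED_IF="eth1"         # assumed: dedicated NIC for the protected client
BLOCK_NET="192.168.0.0/16"  # the range from the original post

# Emit the ruleset in iptables-restore format. Nothing is applied here.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT only sees packets addressed to the firewall box itself.
-A INPUT -s ${BLOCK_NET} -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets passing from ${LAN_IF} to ${PROTECTED_IF} traverse FORWARD, not INPUT,
# so the same source filter has to be repeated here or it does nothing for the client.
-A FORWARD -i ${LAN_IF} -s ${BLOCK_NET} -j DROP
-A FORWARD -i ${PROTECTED_IF} -o ${LAN_IF} -j ACCEPT
-A FORWARD -i ${LAN_IF} -o ${PROTECTED_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Count the chains that carry the source filter. A ruleset with the filter on
# INPUT alone (as in the original post) gives 1; this one gives 2.
count_block_rules() {
    gen_ruleset | grep -c -- "-s ${BLOCK_NET} -j DROP"
}

# Apply only on explicit request; needs root and net.ipv4.ip_forward=1.
if [ "$1" = "apply" ]; then
    gen_ruleset | iptables-restore
fi
```

Run it without arguments to review the generated rules, or `sh script.sh apply` on the firewall box to load them. The default policies of DROP mean anything not matched by an explicit ACCEPT on FORWARD is discarded, which is what makes the second NIC an isolated segment rather than a pass-through.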