Please refer to the iptables tutorials to get a better idea of the chains and how a packet traverses them. INPUT and OUTPUT are only used by the firewall and not for forwarding packets. So in other words, if C1 or C2 sends a packet through G1 or G2, both G1 and G2 packets will not pass through those 2 chains. What you want is FORWARD, i.e. (the rule below drops everything C1 is trying to get out via eth1):

--G1--
iptables -A FORWARD -i eth0 -o eth1 -s 137.112.220.166 -j DROP

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: calvin [mailto:calvinproject@xxxxxxxxxxx]
Sent: Thursday, June 05, 2003 6:28 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: silly question, how to block all outgoing traffic?

case2: iptables -A output -s 137.112.220.165 -j DROP
case3: iptables -A input -i 137.112.220.165 -s 137.112.220.165 -j DROP
case4: iptables -A output -s ! 137.112.220.165 -j ACCEPT
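
Added example, not part of either message: a simplified Python model of the filter-table chain selection described in the reply, showing that a DROP rule in OUTPUT never sees a packet G1 forwards for C1, while the FORWARD rule does. The class and function names are hypothetical, the gateway address 192.0.2.1 and destination 198.51.100.7 are constructed, and the model assumes a default ACCEPT policy and only the -s, -i and -o matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    in_if: Optional[str]   # None: generated by the gateway itself
    out_if: Optional[str]  # None: delivered to the gateway itself

@dataclass
class Rule:                # simplified: only the -s / -i / -o matches
    target: str
    src: Optional[str] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.src and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.in_if and p.in_if != self.in_if:
            return False
        return not (self.out_if and p.out_if != self.out_if)

def chain_for(p, local_addrs):
    """Filter-table chain a packet traverses on the gateway."""
    if p.in_if is None:
        return "OUTPUT"    # created by a local process on the gateway
    if p.dst in local_addrs:
        return "INPUT"     # addressed to the gateway itself
    return "FORWARD"       # routed through the gateway for another host

def verdict(p, ruleset, local_addrs, policy="ACCEPT"):
    """First matching rule in the traversed chain wins, else the policy."""
    for rule in ruleset.get(chain_for(p, local_addrs), []):
        if rule.matches(p):
            return rule.target
    return policy

# Constructed sample data; only C1's address and the interfaces come from the reply.
G1_ADDRS = {"192.0.2.1"}
C1 = "137.112.220.166"
forwarded = Packet(C1, "198.51.100.7", "eth0", "eth1")  # C1 -> outside via G1
output_rule = {"OUTPUT": [Rule("DROP", src=C1)]}        # same shape as case2
forward_rule = {"FORWARD": [Rule("DROP", src=C1, in_if="eth0", out_if="eth1")]}

if __name__ == "__main__":
    for name, rs in (("OUTPUT rule", output_rule), ("FORWARD rule", forward_rule)):
        print(name, "->", verdict(forwarded, rs, G1_ADDRS))
```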