RE: How to block sending mail from local network.

> I want to block smtp operations from the local network so the 
> viruses/worms will be blocked.
> 
> I tried a command:
> $IPTABLES -A OUTPUT -p TCP -i $LAN_IFACE -s $LAN_IP_RANGE --dport smtp -j DROP
> but it did nothing.

No, the INPUT and OUTPUT chains are for filtering the local machine: the
firewall itself.
If you want to block clients, you should use the FORWARD chain.

You could use a rule like this one:
$IPTABLES -A FORWARD -i $LAN_IFACE -s $LAN_IP_RANGE -p tcp --dport 25 -j DROP
or
$IPTABLES -A FORWARD -i $LAN_IFACE -s $LAN_IP_RANGE -p tcp --dport 25 -j REJECT --reject-with tcp-reset

I suppose you're running your own mailserver? Otherwise none of your
clients are able to send email.


Gr,
Rob
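
The FORWARD-chain block from the reply above, extended into a small rule set (an added example, not part of the original message): it accepts an optional internal mail server ahead of the block and logs which LAN hosts attempt direct SMTP. `MAIL_RELAY`, the log prefix and the default values are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the thread. $IPTABLES, $LAN_IFACE and $LAN_IP_RANGE
# are the thread's variables; MAIL_RELAY, the log prefix and the default
# values below are assumptions (constructed sample values).
IPTABLES=${IPTABLES:-iptables}
LAN_IFACE=${LAN_IFACE:-eth1}
LAN_IP_RANGE=${LAN_IP_RANGE:-192.168.1.0/24}
MAIL_RELAY=${MAIL_RELAY:-}    # optional: LAN mail server allowed to send out

# Dry run unless APPLY=1: print the command instead of executing it.
# (Printing drops the quotes around the log prefix; execution keeps them.)
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

smtp_block_rules() {
    # Packets routed through the firewall only traverse FORWARD, never
    # INPUT/OUTPUT, so all three rules are appended there. Order matters.
    if [ -n "$MAIL_RELAY" ]; then
        # 1. Exception for the site's own mail server, ahead of the block.
        run "$IPTABLES" -A FORWARD -i "$LAN_IFACE" -s "$MAIL_RELAY" \
            -p tcp --dport 25 -j ACCEPT
    fi
    # 2. Log (rate-limited) which clients attempt direct SMTP; LOG does not
    #    terminate, so the packet continues to the next rule.
    run "$IPTABLES" -A FORWARD -i "$LAN_IFACE" -s "$LAN_IP_RANGE" \
        -p tcp --dport 25 -m limit --limit 6/min \
        -j LOG --log-prefix "SMTP-BLOCK: "
    # 3. Refuse the connection with a TCP reset so clients fail fast.
    run "$IPTABLES" -A FORWARD -i "$LAN_IFACE" -s "$LAN_IP_RANGE" \
        -p tcp --dport 25 -j REJECT --reject-with tcp-reset
}

smtp_block_rules
```

Hosts that show up repeatedly under the log prefix are the ones to check for the viruses/worms the original question was about.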


