Use filter's FORWARD instead of OUTPUT, and you probably want to use -I instead of -A.

On Sat, 2004-02-07 at 12:51, David Harel wrote:
> Hi all,
>
> I have a small local network and a Linux machine as a gateway to the
> Internet. On the Linux machine I started iptables using the script from
> Oscar Andreasson's tutorial at:
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html
> Using his script: rc.DHCP.firewall.
> This script implements masquerading service to the internal network and
> provides firewall security.
>
> The problem started when I was suspected of having a MyDoom virus or
> some other worm that sends unsolicited messages. Most likely this can
> happen to any of the machines on the internal network.
>
> In Oscar's script the local network is treated liberally, allowing it
> to do everything, assuming that illegal activity will be blocked elsewhere
> by the firewall. This is done using the command:
> $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
> where LAN_IFACE is eth0 and LAN_IP_RANGE is 10.0.0/24 (of course
> IPTABLES is /usr/sbin/iptables)
>
> I want to block smtp operations from the local network so the
> viruses/worms will be blocked.
>
> I tried a command:
> $IPTABLES -A OUTPUT -p TCP -i $LAN_IFACE -s $LAN_IP_RANGE --dport smtp
> -j DROP
> but it did nothing.
>
> What can I do to block those message-sending attempts?
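The reply above is terse, so here is the corrected rule set written out as an added example; it is not from the original thread or from the tutorial script. Two things matter: the filter table's OUTPUT chain only sees packets the gateway itself generates (and iptables does not accept -i in OUTPUT at all), while packets that LAN hosts send through a masquerading gateway traverse FORWARD; and because the tutorial script appends a blanket ACCEPT for the LAN, a rule appended with -A would sit behind it and never match, so it has to be inserted in front with -I. The variable names follow the original post; MAILHOST (an optional internal relay still allowed to send mail), the fully written network 10.0.0.0/24, port 25 in place of the service name smtp, the LOG rule and the dry-run switch are assumptions added here.

```shell
#!/bin/sh
# Added example, not part of the original thread: block outbound SMTP from
# LAN hosts on a masquerading Linux gateway.
#
# Why FORWARD: the filter table's OUTPUT chain only sees packets the gateway
# itself generates; packets that LAN hosts send through the gateway traverse
# FORWARD. Why -I: the tutorial script appends a blanket ACCEPT for the LAN,
# so a rule appended with -A would never be reached. Inserting at position 1
# puts ours in front of it.
#
# Assumptions (not from the original post): MAILHOST is an optional internal
# relay that is still allowed to send mail; LAN_IP_RANGE is written with a
# full network address; port 25 is used instead of the service name "smtp".
# The script defaults to a dry run that only prints the commands; run it as
# root with DRY_RUN= (empty) to actually apply the rules.

IPTABLES=${IPTABLES:-/usr/sbin/iptables}
LAN_IFACE=${LAN_IFACE:-eth0}
LAN_IP_RANGE=${LAN_IP_RANGE:-10.0.0.0/24}
MAILHOST=${MAILHOST:-}
DRY_RUN=${DRY_RUN-1}

# Print the command; execute it only when DRY_RUN is empty.
run() {
    echo "$*"
    if [ -z "$DRY_RUN" ]; then
        "$@"
    fi
}

# Insert the SMTP rules at the head of FORWARD. Each "-I FORWARD 1" pushes
# the previous insert down one position, so the rules are issued in reverse
# of the order in which packets will meet them. Final chain order:
# ACCEPT (relay exception), LOG, REJECT.
block_lan_smtp() {
    # Last in final order: refuse everything else from the LAN to port 25.
    # A TCP reset makes the sending host fail at once instead of retrying
    # against a silent DROP.
    run "$IPTABLES" -I FORWARD 1 -p tcp -i "$LAN_IFACE" -s "$LAN_IP_RANGE" \
        --dport 25 -j REJECT --reject-with tcp-reset
    # Middle: log blocked attempts (rate-limited) so the infected host can
    # be identified by its source address in the kernel log.
    run "$IPTABLES" -I FORWARD 1 -p tcp -i "$LAN_IFACE" -s "$LAN_IP_RANGE" \
        --dport 25 -m limit --limit 3/min -j LOG --log-prefix "LAN-SMTP-BLOCKED: "
    # First: optional exception for a trusted internal relay, if one is set.
    if [ -n "$MAILHOST" ]; then
        run "$IPTABLES" -I FORWARD 1 -p tcp -i "$LAN_IFACE" -s "$MAILHOST" \
            --dport 25 -j ACCEPT
    fi
}

block_lan_smtp
```

Run it once as-is to see the three commands it would issue, then `DRY_RUN= sh block_smtp.sh` as root to apply them, and confirm with `iptables -L FORWARD -n -v --line-numbers` that the REJECT sits above the script's LAN ACCEPT and that its packet counter climbs when an infected host tries to send mail. Note that this only stops direct port-25 connections through the gateway; hosts that legitimately need to send mail should go through MAILHOST, and the LOG lines tell you which machine to clean.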