> Hi all, this is my first message to the list, so excuse me if it is too
> trivial...
>
> I have a Red Hat box running as a firewall in my network. It's
> working fine, but now I'm doing tests in order to block certain Internet
> traffic. I've added the following rules which should drop packets from
> my PC to a known public IP (a web server):
>
> iptables -A FORWARD -s 192.138.35.110 -d 193.110.128.200 -j DROP
>
> But the packets are not dropped because I still can connect to the
> web server.

Look at your whole FORWARD chain: 'iptables -v -L FORWARD'. You have an earlier rule in the chain that's allowing those packets through.

If you want to be sure, try replacing '-A' by '-I'. This will insert your rule at the front of the FORWARD chain, instead of at the end.

> The default rule for FORWARD chain is DROP

This confirms it. If you didn't have an earlier rule that was letting the packets through, then with a DROP policy you wouldn't need the above rule at all.
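The first-match chain evaluation the reply relies on, modelled in Python as an added example (not code from the thread or from iptables itself). The LAN-wide ACCEPT rule is an assumed stand-in for whatever earlier rule is letting the packets through; the addresses are the ones quoted in the question.

```python
import ipaddress

# Constructed model of netfilter chain evaluation: rules are tried in order,
# the first match decides, and the chain policy applies only if none matched.

def make_rule(target, src=None, dst=None):
    """A rule matching packets whose source/destination fall in the given
    networks; None means 'any'."""
    return {
        "src": ipaddress.ip_network(src) if src else None,
        "dst": ipaddress.ip_network(dst) if dst else None,
        "target": target,
    }

def matches(rule, src, dst):
    s = rule["src"] is None or ipaddress.ip_address(src) in rule["src"]
    d = rule["dst"] is None or ipaddress.ip_address(dst) in rule["dst"]
    return s and d

def verdict(chain, policy, src, dst):
    """Return (verdict, rule number): the target of the first matching rule
    and its 1-based position, or (policy, 0) when no rule matched."""
    for i, rule in enumerate(chain, start=1):
        if matches(rule, src, dst):
            return rule["target"], i
    return policy, 0

# Assumed earlier rule (hypothetical): accept anything from the LAN.
LAN_ACCEPT = make_rule("ACCEPT", src="192.138.35.0/24")
# The rule from the question.
BLOCK_WEB = make_rule("DROP", src="192.138.35.110/32", dst="193.110.128.200/32")

def appended_chain():
    # iptables -A FORWARD ...: the new rule lands at the end, after the ACCEPT
    return [LAN_ACCEPT, BLOCK_WEB]

def inserted_chain():
    # iptables -I FORWARD ...: the new rule lands at the front, before the ACCEPT
    return [BLOCK_WEB, LAN_ACCEPT]

if __name__ == "__main__":
    for flag, chain in (("-A", appended_chain()), ("-I", inserted_chain())):
        v, n = verdict(chain, "DROP", "192.138.35.110", "193.110.128.200")
        print(f"{flag}: verdict {v} decided by rule {n}")
```

With `-A` the ACCEPT at position 1 wins and the DROP rule is never consulted; with `-I` the DROP is consulted first, which is exactly what `iptables -v -L FORWARD` (and its packet counters) would show.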