Hi,

I had the simple task to block the connection of 3 workstations (loopback and eth0) after a certain hour. So, I decided to put the single rule:

    iptables -I OUTPUT -j REJECT --reject-with icmp-host-prohibited

After that, a friend of mine told me the following: it's better to reject on eth0 only, because, with the rule above, I'm blocking the loopback also, and the services that depend on that "interface", such as all the unix sockets based applications.

That is my doubt. I read a lot of documentation about the netfilter architecture, but there is that gap of knowledge. The documentation never speaks about the differences between unix and tcp sockets.

Instead of searching directly in Google, I decided to ask here in the netfilter list: where can I find that kind of information (netfilter x unix/tcp sockets)?

Thanks,
Erico.
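An added example, not part of the original post: a small Python script that opens one unix-domain connection and one TCP connection over loopback, and reports how each is addressed. The socket file name `demo.sock` and the `traverses_ip_stack` field are constructed for this illustration; the comments state which of the two an iptables OUTPUT rule can match.

```python
import os
import socket
import tempfile
import threading


def echo_once(server):
    """Accept a single connection and echo back what it sends."""
    conn, _ = server.accept()
    with conn:
        conn.sendall(conn.recv(64))


def roundtrip(family, bind_addr):
    """Run a one-shot echo server on bind_addr, connect to it, describe the link."""
    with socket.socket(family, socket.SOCK_STREAM) as server:
        server.bind(bind_addr)
        server.listen(1)
        worker = threading.Thread(target=echo_once, args=(server,))
        worker.start()
        with socket.socket(family, socket.SOCK_STREAM) as client:
            client.connect(server.getsockname())
            client.sendall(b"ping")
            reply = client.recv(64)
            peer = client.getpeername()
        worker.join()
    return {
        "family": family.name,
        "peer": peer,
        "reply": reply,
        # AF_UNIX data is handed from socket to socket inside the kernel: no IP
        # packet and no interface, so the iptables OUTPUT chain never sees it.
        # AF_INET to 127.0.0.1 is an IP packet sent via "lo", so a rule without
        # "-o eth0" rejects it as well.
        "traverses_ip_stack": family in (socket.AF_INET, socket.AF_INET6),
    }


def compare():
    """Return (unix_result, tcp_result) for the two kinds of local socket."""
    with tempfile.TemporaryDirectory() as tmp:
        unix = roundtrip(socket.AF_UNIX, os.path.join(tmp, "demo.sock"))
    tcp = roundtrip(socket.AF_INET, ("127.0.0.1", 0))  # port 0: kernel picks one
    return unix, tcp


if __name__ == "__main__":
    for result in compare():
        print(result)
```

The unix-domain peer is a filesystem path, while the TCP peer is an (address, port) pair on 127.0.0.1; only the latter has anything for `-o lo` or `-o eth0` to match.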