jqb@xxxxxxxxxx wrote:
> netfilter!
> howto stop this packet on iptables firewall;
> tcpdump capture packet example:
> 10:35:31.881722 IP 218.6.45.6.51755 > 228.71.74.201.7777: S 1432831257:1432831257(0) win 16384 <mss 1460,nop,nop,sackOK>
>
> 10:35:36.214120 IP 219.147.192.18.1272 > 228.71.74.201.7777: S 490321:490321(0) win 6400 <mss 1460,nop,nop,sackOK>
>
> Regards,
>
> xjjjk
> jqb@xxxxxxxxxx
> 2005-01-14

iptables -A FORWARD -p tcp --dport 7777 -j DROP

or

iptables -A FORWARD -p tcp --destination 228.71.74.201 -j DROP

depends on if you don't want to connect to that machine, or you just don't want that machine connecting to that port.

On a side note, you should have your default policies set to DROP anyway on the default tables for best practice security.

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

and then just accept the data that you want to. This is all covered in the iptables tutorial @ http://iptables-tutorial.frozentux.net/iptables-tutorial.html
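
The default-DROP advice in the reply above, written out as a complete ruleset (an added example, not part of the original thread). The SSH port 22, the internal interface name eth1 and the function name build_ruleset are assumptions; the script only prints iptables-restore input and applies nothing.

```shell
#!/bin/sh
# Added example: prints a default-DROP filter table in iptables-restore format.
# Assumptions (not from the thread): inbound SSH on tcp/22 is the only service
# on the firewall itself, and eth1 is the internal interface allowed to open
# new forwarded connections. Adjust both before use.

build_ruleset() {
    port=$1
    # Reject anything that is not a decimal TCP port in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] 2>/dev/null || {
        echo "port out of range: $port" >&2
        return 1
    }

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Without these accepts the DROP policies also cut loopback and reply traffic.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
# The explicit drop goes first so it wins over the accepts below it.
-A FORWARD -p tcp --dport ${port} -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the port seen in the tcpdump capture.
# To syntax-check it as root without loading it:
#   build_ruleset 7777 | iptables-restore --test
build_ruleset 7777
```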