Hello, It's the opposite... The request goes to the tcp port 80 of your server, not the other way around... iptables -A INPUT -s 192.168.0.30 -p tcp --dport http -j REJECT means Reject tcp packets coming from 192.168.0.30 destined to port 80 of this box. -- Marcelus Trojahn Wednesday, May 24, 2006, 1:18:25 PM, voce escreveu: > Hi All, > I'm quite new to iptables and actually.. how it works. I set up > firewall on a server with IP 192.168.0.40/24 (with an Apache web > server running) and then I have a windows client with IP > 192.168.0.30/24 and then I try to block HTTP port request from this > client using this command : > iptables -A INPUT -s 192.168.0.30 -p tcp --sport http -j REJECT > but it fails.... then I try this one : > iptables -A INPUT -s 192.168.0.30 -p tcp --dport http -j REJECT > why is it so ?? As my logic say the request come from http port, so I > specify the -p tcp --sport http, but it doesn't work at all :(
