You need to create a rule on that specific interface. Something like:

    iptables -t filter -A INPUT -i eth2 -s 0.0.0.0/0 -j DROP

This will drop ALL traffic coming into your eth2 interface. If you need certain traffic to come through (like from your internal network) add a rule to allow this traffic BEFORE the drop rule.

Also, get yourself a tool like fwbuilder (http://www.fwbuilder.org). It will make configuring your firewall a lot easier.

-Sietse

________________________________

From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Ross Cameron
Sent: Wed 19-Jul-06 12:25
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Firewalling issue

Hi there list

I have the following issue:

I have an IP split setup on one of my Linux boxes (see diagram below), I can route and all access is hunky dory,... BUT I want to block access to my DMZ's gateway address from the outside world. How do I do this?

    +------------+                 +-------------+                 +------------+
    |            |      eth0       |             |      eth1       |            |
    |  Internet  |=================| FW / Router |=================|    LAN     |
    |            |                 +-------------+                 |            |
    +------------+                       || eth2                   +------------+
                                         ||
                                         ||
                                   +------------+
                                   |            |
                                   |    DMZ     |
                                   |            |
                                   +------------+

KEY:
~~~~
eth0 => 196.x.x.122 / 255.255.255.252
eth1 => 192.168.x.x / 255.255.255.0
eth2 => 196.x.x.94 / 255.255.255.240

The Internet needs to be able to see 196.x.x.80 -> 196.x.x.95,... with the exception of 196.x.x.94!!!

Everything else is correct and how I need it to be,... I need to know how to DROP the packets coming in on eth0 for 196.x.x.94 BUT packets coming in on eth2 for 196.x.x.94 need to be allowed.

Regards,...
Ross Cameron
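Both messages above turn on the same two points: a packet for the DMZ gateway address should be dropped only when it arrives on eth0, and any ACCEPT for eth2 has to sit before the DROP because iptables stops at the first matching rule. The following is an added example, not code from the thread, that models that first-match walk of the INPUT chain so a rule set can be checked before it is loaded; the 198.51.100.x and 203.0.113.x addresses are constructed placeholders for the redacted 196.x.x.x values.

```python
"""Model of first-match evaluation in an iptables INPUT chain.

Added example, not part of the original thread.  Addresses are constructed
placeholders (RFC 5737 documentation ranges) standing in for the redacted
196.x.x.x values in the diagram.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

GW_DMZ = "198.51.100.94"   # placeholder for the firewall's eth2 address 196.x.x.94
GW_WAN = "203.0.113.122"   # placeholder for the firewall's eth0 address 196.x.x.122


@dataclass
class Rule:
    target: str                      # ACCEPT or DROP
    in_iface: Optional[str] = None   # -i <iface>; None means any interface
    src: str = "0.0.0.0/0"           # -s <net>
    dst: str = "0.0.0.0/0"           # -d <net>

    def matches(self, iface: str, src: str, dst: str) -> bool:
        return ((self.in_iface is None or self.in_iface == iface)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

    def to_iptables(self) -> str:
        """Render the rule as the command that would append it to INPUT."""
        parts = ["iptables", "-t", "filter", "-A", "INPUT"]
        if self.in_iface:
            parts += ["-i", self.in_iface]
        parts += ["-s", self.src, "-d", self.dst, "-j", self.target]
        return " ".join(parts)


def verdict(chain: List[Rule], iface: str, src: str, dst: str,
            policy: str = "ACCEPT") -> str:
    """Walk the chain top to bottom; the first matching rule decides,
    otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(iface, src, dst):
            return rule.target
    return policy


# Drop packets for the DMZ gateway address only when they arrive on the
# outside interface; the ACCEPT for eth2 must precede the DROP.
INPUT = [
    Rule("ACCEPT", in_iface="eth2", dst=GW_DMZ),
    Rule("DROP", in_iface="eth0", dst=GW_DMZ),
]

if __name__ == "__main__":
    for rule in INPUT:
        print(rule.to_iptables())
    print(verdict(INPUT, "eth0", "192.0.2.10", GW_DMZ))      # DROP
    print(verdict(INPUT, "eth2", "198.51.100.85", GW_DMZ))   # ACCEPT
```

Reversing the two rules makes the eth2 packet hit the DROP first, which is the ordering mistake the reply warns about; the model makes that visible without touching a live firewall.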