Hello Blake,

Packets are put into the INPUT chain when they are destined to the filtering machine itself. Packets are put into the OUTPUT chain when they originate from the filtering machine itself. Packets are put into the FORWARD chain when they are in transit through the filtering machine.

So, if you need to block pass-through traffic from 192.168.31.208 and your incoming (internal) interface is $CLEANIF1, then you have to specify

/sbin/iptables -A FORWARD -i $CLEANIF1 -s 192.168.31.208 -j DROP

Moreover, be sure that you do not have an ACCEPT rule above it in your list that also matches this source and this incoming interface. Check the "order of going through tables and chains" in the iptables tutorial.

Regards,
Nikolay
e-mail: n_kanivets@xxxxxxxxxxxxxxxx

----- Original Message -----
From: "Blake Patton" <pattonb@xxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Monday, August 13, 2007 7:15 AM
Subject: trying to block an internal ip

> I have been trying to block all traffic from an internal IP address, and packets are still going out (seen with tcpdump). I don't see any traffic coming in for that IP. Here are the rules I have put in place.
>
> /sbin/iptables -A INPUT -i $CLEANIF1 -s 192.168.31.208 -j DROP
> /sbin/iptables -A INPUT -i $CLEANIF1 -d 192.168.31.208 -j DROP
>
> I thought this would shut down 192.168.31.208; however, that is not the case. Any advice would be appreciated.
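The two points in Nikolay's reply (forwarded packets only traverse FORWARD, and the first matching rule in a chain wins) are easy to get wrong on a live box, so here is an added example that is not part of the thread and not iptables code: a small first-match simulator in POSIX shell plus awk. It reads rules in iptables-save syntax and reports which target a packet arriving on a given interface from a given source would hit in a given chain. The rule sets and the interface name eth1 (standing in for $CLEANIF1) are constructed for the demo, and the demo assumes the FORWARD policy is ACCEPT, which the thread does not show. Only -A/chain, -i, -s and -j are modeled; "!" negation, -d, -p, state matches and jumps to user chains are ignored.

```shell
#!/bin/sh
# Added example, not from the netfilter thread: simulate netfilter's
# first-match rule walk over rules in iptables-save syntax.

# first_match CHAIN IN_IFACE SRC_IP [POLICY]   (rules on stdin)
# Prints the target of the first rule in CHAIN that matches a packet coming in
# on IN_IFACE from SRC_IP, or POLICY (default "policy") if none matches.
first_match() {
    awk -v CHAIN="$1" -v IFACE="$2" -v SRC="$3" -v POLICY="${4:-policy}" '
    function ip2int(ip,   a) {
        split(ip, a, ".")
        return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
    }
    # Is address ip inside net ("a.b.c.d" or "a.b.c.d/bits")?
    function in_net(ip, net,   p, n, bits, d) {
        n = split(net, p, "/")
        bits = (n == 2) ? p[2] + 0 : 32
        if (bits == 0) return 1
        d = 2 ^ (32 - bits)          # discard the host bits by integer division
        return int(ip2int(ip) / d) == int(ip2int(p[1]) / d)
    }
    $1 == "-A" && $2 == CHAIN {
        iface = ""; src = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i")      iface  = $(i + 1)
            else if ($i == "-s") src    = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (iface != "" && iface != IFACE) next
        if (src   != "" && !in_net(SRC, src)) next
        result = target; exit        # first match wins; later rules are never consulted
    }
    END { print (result == "" ? POLICY : result) }'
}

# Constructed rule sets (hypothetical; eth1 stands in for $CLEANIF1).
# 1. The original poster's rules: they only touch INPUT, so a forwarded packet
#    never sees them and falls through to the FORWARD policy.
INPUT_ONLY='-A INPUT -i eth1 -s 192.168.31.208/32 -j DROP
-A INPUT -i eth1 -d 192.168.31.208/32 -j DROP'

# 2. DROP appended to FORWARD, but an earlier ACCEPT for the whole subnet wins.
WRONG_ORDER='-A FORWARD -i eth1 -s 192.168.31.0/24 -j ACCEPT
-A FORWARD -i eth1 -s 192.168.31.208/32 -j DROP'

# 3. DROP placed ahead of the subnet ACCEPT (what "iptables -I FORWARD 1 ..." gives).
FIXED_ORDER='-A FORWARD -i eth1 -s 192.168.31.208/32 -j DROP
-A FORWARD -i eth1 -s 192.168.31.0/24 -j ACCEPT'

# verdict NAME RULESET: the demo packet is 192.168.31.208 in on eth1, FORWARD policy ACCEPT (assumed)
verdict() {
    printf '%-12s %s\n' "$1:" "$(printf '%s\n' "$2" | first_match FORWARD eth1 192.168.31.208 ACCEPT)"
}

verdict INPUT_ONLY  "$INPUT_ONLY"    # ACCEPT (the policy): INPUT rules never see forwarded traffic
verdict WRONG_ORDER "$WRONG_ORDER"   # ACCEPT: the /24 ACCEPT above the DROP matches first
verdict FIXED_ORDER "$FIXED_ORDER"   # DROP
```

On a real router you can feed the live ruleset into the same function with `iptables-save -t filter | first_match FORWARD "$CLEANIF1" 192.168.31.208 ACCEPT` (lines such as `*filter` and `:FORWARD ACCEPT [0:0]` do not start with `-A` and are skipped, so pass the real policy as the fourth argument), or simply read the chain in order with `iptables -L FORWARD -v -n --line-numbers` and confirm nothing above the DROP accepts that source on that interface. If something does, insert the DROP ahead of it with `-I FORWARD 1` rather than appending with `-A`.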