Are you running a browser on the router? You should add blocking rules to the
OUTPUT chain to block access from the router. Rules in the FORWARD chain
affect only connections from the computers connected through the router.

Are you able to ping the blocked hosts (from the router and from the
connected computers)?

Alexey Fadyushin
Brainbench MVP for Linux.
http://www.brainbench.com

> Sir,
>
> I have added these lines but still not working my iptables output is
> showing rejected sites in FORWARD but checked in browser still
> open that sites
> even i changed to DROP .
> tell me what should i do. waiting for reply
> thank u very much
>
> Alexey Fadyushin <fab@xxxxxxxxxxxx> wrote:

Yes, you can use list from a file. You should use the following commands:

    for i in `cat /etc/blocklist.txt` ; do
        iptables -A FORWARD -d $i -j REJECT
    done

You can put these commands in the file with other firewall configuration
commands. I think that most logical place for them is rc.firewall.

Alexey Fadyushin
Brainbench MVP for Linux.
http://www.brainbench.com

> Thank you for your great help
>
> can you tell me one more thing
> in can i add path of list like
> for i in < /etc/blocklist.txt>;do
> iptables -A FORWARD -d $i -j REJECT
>
> and tell me where should i add this lines in rc.firewall or somewhere.
> Thanks and let me know
>
> Alexey Fadyushin wrote:
>
> Of course, squid is more efficient solution. But the question was about
> iptables. As I understood, squid has not been installed on the router
> in question.
>
> Alexey Fadyushin.
> Brainbench MVP for Linux.
> http://www.brainbench.com
>
> "Rigler, Steve" wrote:
>
> > Wouldn't it be more efficient to set up squid and use it to block
> > adult sites?
> >
> > -Steve
> >
> > -----Original Message-----
> > From: redhat-list-admin@xxxxxxxxxx
> > [mailto:redhat-list-admin@xxxxxxxxxx]On Behalf Of Alexey Fadyushin
> > Sent: Wednesday, December 24, 2003 8:04 AM
> > To: redhat-list@xxxxxxxxxx
> > Subject: Re: How do i Block Adult Sites through IPTABLE
> >
> > You should add the following string(s) in the rc.firewall:
> >
> >     iptables -A FORWARD -d 1.2.3.4 -j REJECT
> >
> > where 1.2.3.4 should be replaced with the address of the adult server
> > to be blocked.
> > You should repeat this string for all the servers you need to block.
> > Of course, if you have many servers to block, you can use shell's
> > operators (such as 'for') around that string to automatically
> > replace the address for each server. For example:
> >
> >     for i in ; do
> >         iptables -A FORWARD -d $i -j REJECT
> >     done
> >
> > Alexey Fadyushin.
> > Brainbench MVP for Linux.
> > http://www.brainbench.com
> >
> > > Thanks you are helping me
> > > I have installed RedHat 8.0 that is with two eth card and
> > > running as proxy server
> > >
> > > i have added rules in rc.firewall file and proxy is working
> > >
> > > # Masquerade
> > >
> > > iptables -t nat -A POSTROUTING -o $EX_ETH -j MASQUERADE
> > >
> > > iptables -A OUTPUT -s $LOCAL_NET -o $EX_ETH -j ACCEPT
> > >
> > > # Turn on IP forwarding
> > >
> > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > >
> > > so how can i block all adult sites
> > >
> > > Alexey Fadyushin wrote:
> > >
> > > > If you need to block the access to that sites locally (i.e. from
> > > > the computer on which you run iptables), you can use the following
> > > > command:
> > > >
> > > >     iptables -A OUTPUT -d -j REJECT
> > > >
> > > > alternatively, you can add the following string to
> > > > /etc/sysconfig/iptables (in the 'filter' table):
> > > >
> > > >     -A OUTPUT -d -j REJECT
> > > >
> > > > If you want to block the access from another machine, for which
> > > > your computer is acting as a router, you should change 'OUTPUT' to
> > > > 'FORWARD' in the examples above.
> > > >
> > > > Alexey Fadyushin.
> > > > Brainbench MVP for Linux.
> > > > http://www.brainbench.com
> > > >
> > > > Nilesh wrote:
> > > >
> > > > > Hello
> > > > >
> > > > > How do i block Adult XXX sites through iptables
> > > > >
> > > > > can any one help me
> > > > >
> > > > > Thanks

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
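
Added example, not part of the original thread: a dry run of the advice above that reads a blocklist file and prints a REJECT rule for both the FORWARD and the OUTPUT chain. The function names, the file format (one IPv4 address per line, # comments allowed) and the use of -I where the thread uses -A are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run rule generator; it prints commands and runs nothing.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1   # split on dots; input holds only digits and dots here
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# gen_block_rules FILE: print REJECT rules for each valid address in FILE.
gen_block_rules() {
    # Drop comments and whitespace, then read one address per line.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
    while read -r addr || [ -n "$addr" ]; do
        [ -n "$addr" ] || continue
        if valid_ipv4 "$addr"; then
            # FORWARD: hosts routed through this box. OUTPUT: the box itself,
            # which includes a proxy or browser running on it.
            # -I puts the rule first; with -A (as in the thread) an earlier
            # ACCEPT in the same chain would match before the REJECT.
            for chain in FORWARD OUTPUT; do
                echo "iptables -I $chain -d $addr -j REJECT"
            done
        else
            echo "skipped invalid entry: $addr" >&2
        fi
    done
}

# Constructed sample blocklist (RFC 5737 documentation addresses).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# one IPv4 address per line
192.0.2.10
198.51.100.7   # trailing comment
not-an-address
203.0.113.300
EOF
gen_block_rules "$sample"
rm -f "$sample"
```

Once the printed rules look right, the same output can be piped to sh as root from rc.firewall.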