Try this. For your situation the packet hits the chains in this way:

1. Mangle Prerouting
2. Nat Prerouting
   < here the routing decision is made. Since this packet is to be forwarded it goes to >
3. Mangle Forward
4. Filter Forward
5. Mangle Postrouting
6. Nat Postrouting
   <out of the box>

Since you configured the rule in the INPUT chain of the filter table, the packet never reached it. So you can add it in any of the previous chains depending on your requirement.

E.g.

    iptables -A FORWARD -s 10.10.16.x -d 200.100.100.67 -p all -i eth1 -j DROP

For this you should not have any rules above in this chain or any rules in PREROUTING that accept this connection.

Regards
Anish

--- Rezk Mekhael <Rezk@xxxxxxxxxx> wrote:

> Hi, Manager
>
> I have a server with 2 cards
>
> eth1: 10.10.16.X internal
> eth0: 200.100.X.X external
>
> I am using a NAT rule, I need an example to
>
> "any traffic coming from 10.10.16.x is NOT allowed to go to the server
> 200.100.100.67, but can still do everything else"
>
> any idea?
>
> I tried to use this
> "iptables -A INPUT -p all -d 200.100.100.67 -i eth1 -j DROP"
>
> but it did not work
>
> --
> Sincerely,
> Rezk Mekhael
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
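
The chain traversal described in this thread, as an added example that is not part of the original messages: a simplified Python model of which chains a packet visits and how first-match ordering decides the verdict. The router addresses, the client address and the "other" destination are constructed; chain policies are assumed to be ACCEPT, and NAT rewriting and the raw/security tables are not modelled.

```python
import ipaddress

# Simplified hook order. The forwarded path is the one listed in the reply;
# the locally-delivered path is standard netfilter behaviour.
FORWARDED = [("mangle", "PREROUTING"), ("nat", "PREROUTING"), ("mangle", "FORWARD"),
             ("filter", "FORWARD"), ("mangle", "POSTROUTING"), ("nat", "POSTROUTING")]
LOCAL_IN = [("mangle", "PREROUTING"), ("nat", "PREROUTING"),
            ("mangle", "INPUT"), ("filter", "INPUT")]

def rule(table, chain, target, src="0.0.0.0/0", dst="0.0.0.0/0", in_iface=None):
    """Hypothetical helper: a rule with the match fields used in the thread."""
    return {"hop": (table, chain), "target": target, "in_iface": in_iface,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst)}

def matches(r, src, dst, in_iface):
    return (ipaddress.ip_address(src) in r["src"]
            and ipaddress.ip_address(dst) in r["dst"]
            and r["in_iface"] in (None, in_iface))

def verdict(rules, src, dst, in_iface, local_addrs):
    """Return (verdict, deciding hop); chain policies are assumed to be ACCEPT."""
    # Routing decision: only packets addressed to the box itself reach INPUT.
    path = LOCAL_IN if dst in local_addrs else FORWARDED
    for hop in path:
        for r in rules:  # rules are evaluated in order, first match wins
            if r["hop"] == hop and matches(r, src, dst, in_iface):
                if r["target"] == "DROP":
                    return "DROP", hop
                break  # ACCEPT ends this chain; the packet moves to the next hook
    return "ACCEPT", None

# Constructed sample data: router and client addresses are made up;
# 200.100.100.67 and the 10.10.16.x network come from the thread.
ROUTER = {"10.10.16.1", "200.100.100.1"}
CLIENT, SERVER, OTHER = "10.10.16.25", "200.100.100.67", "198.51.100.10"

input_rule = [rule("filter", "INPUT", "DROP", dst=SERVER, in_iface="eth1")]
forward_rule = [rule("filter", "FORWARD", "DROP", src="10.10.16.0/24",
                     dst=SERVER, in_iface="eth1")]
shadowed = [rule("filter", "FORWARD", "ACCEPT", src="10.10.16.0/24")] + forward_rule

if __name__ == "__main__":
    for name, rs in [("INPUT rule", input_rule), ("FORWARD rule", forward_rule),
                     ("ACCEPT above DROP", shadowed)]:
        print(name, verdict(rs, CLIENT, SERVER, "eth1", ROUTER))
    print("other destination", verdict(forward_rule, CLIENT, OTHER, "eth1", ROUTER))
```

On a live system, `iptables -L FORWARD -n -v --line-numbers` shows rule order and per-rule packet counters, which is the quickest way to confirm the DROP rule is actually being hit and is not shadowed by an earlier ACCEPT.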