> /sbin/iptables --flush
> /sbin/iptables --table nat --flush

The above two lines flush all existing rules in iptables.

> /sbin/iptables --delete-chain
> /sbin/iptables --table nat --delete-chain

These two delete any user-defined chains present.

> /sbin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE

This one masquerades the requests going out to the Internet through interface ppp0, which is the dialup interface. Masquerading allows internally connected computers that don't have registered Internet IP addresses to communicate with the Internet through the single IP address present. Refer to http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/ for more details about it.

> /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT

This one accepts forwarding of all packets (to other interfaces present, say ppp0) coming in at the interface eth0, which is connected to the local network.

> echo 1 > /proc/sys/net/ipv4/ip_forward

Enable packet forwarding in the kernel. Can also be set permanently in /etc/sysctl.conf.

To block a particular machine by its IP address, you can add the following line to iptables:

    iptables -A INPUT -s 192.168.0.5 -i eth0 -j DROP

This blocks requests from 192.168.0.5 coming in at interface eth0.

I think this would be sufficient. Try. Also refer to http://iptables.org/ for more details about iptables.

--
regards,
Ashok.
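The INPUT chain only sees packets addressed to the gateway itself; packets a LAN host sends out to the Internet are routed and pass through FORWARD instead, where the blanket ACCEPT on eth0 matches them. The following is an added example, not part of the original message: it rebuilds the same rule set with the drop applied in both chains and ahead of the ACCEPT. It is a dry run by default (rules are printed, not applied), and `IPT`, `LAN_IF`, `WAN_IF`, `block_host` and `gateway_rules` are names chosen here.

```shell
#!/bin/sh
# Added example: dry run by default. Set IPT=/sbin/iptables and run as root to apply.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth0}"   # LAN interface, as in the message
WAN_IF="${WAN_IF:-ppp0}"   # dial-up interface, as in the message

# Drop a LAN host's traffic to the gateway (INPUT) and through it (FORWARD).
# -I ... 1 puts the rule at the top of the chain, so it also wins on a live
# rule set where the blanket FORWARD ACCEPT is already present.
block_host() {
    addr="$1"
    # Accept only a dotted quad, so a typo or stray text never becomes a rule.
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    $IPT -I INPUT 1 -s "$addr" -i "$LAN_IF" -j DROP
    $IPT -I FORWARD 1 -s "$addr" -i "$LAN_IF" -j DROP
}

# Rebuild the masquerading rule set from the message; arguments are hosts to block.
gateway_rules() {
    $IPT --flush
    $IPT --table nat --flush
    $IPT --delete-chain
    $IPT --table nat --delete-chain
    $IPT --table nat --append POSTROUTING --out-interface "$WAN_IF" -j MASQUERADE
    # Rules are evaluated top to bottom and the first match decides,
    # so the per-host drops are installed before the blanket ACCEPT.
    for host in "$@"; do
        block_host "$host" || return 1
    done
    $IPT --append FORWARD --in-interface "$LAN_IF" -j ACCEPT
}

# Print the rule set with the address from the message blocked.
gateway_rules 192.168.0.5
```

After applying for real, `iptables -L FORWARD -n -v --line-numbers` shows the rule order and per-rule packet counters, which confirms whether the DROP is the rule actually being hit.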