RV: This might be a stupid question...

[Daniel Elías Robles]

----- Original Message ----- From: Daniel El�as Robles To: [EMAIL PROTECTED] Sent: Thursday, March 14, 2002 5:56 PM Subject: RE: This might be a stupid question... The OUTPUT rules is for packets originated in you firewall box, then this rule you tell us does not work as you expect.   In order to avoid that you need to set a rule like this.   iptables -I FORWARD -d 63.211.210.20 -i internal_interface -j DROP   This way packets traversing the kernel into a different destination will be droped in the first moment they are checked.   You need to take care of the order you place the rules in your script, that is why I inserted the rule, so it is the first rule check in the FORWARD chain.     Hope this helps.       Daniel   ----- Original Message ----- From: Ryan Clarke To: [EMAIL PROTECTED] Sent: Thursday, March 14, 2002 2:37 PM Subject: This might be a stupid question... Alright guys, this might be a stupid question.   I just transitioned from IPCHAINS to IPTABLES and I'm trying to ban the computers in my network from reaching a webpage (ads.x10.com....the hated X10 ads!). The command I'm trying to use is as follows:   iptables -A OUTPUT -o ppp0 -d 63.211.210.20 -j DROP   It executes fine, HOWEVER I can still get to that webpage. Any help?   Thanks a lot.   Ryan Clarke [EMAIL PROTECTED]