This is because you need to use the FORWARD chain; INPUT and OUTPUT are for the local box only, whereas FORWARD is for packets going elsewhere.
On Thu, 25 Apr 2002, junker wrote:

> Here is some of what I have tried that does not work.
>
> iptables -I INPUT -i eth0 -d www.aol.com -j DROP
>
> iptables -I OUTPUT -o eth1 -d www.aol.com -j DROP
>
> iptables -I OUTPUT -d www.aol.com -j DROP
>
> iptables -I INPUT -s www.aol.com -j DROP
>
> iptables -I INPUT -d www.aol.com -j DROP
>
> The weird thing is that when I try to go to this site on the actual box, eg,
> using lynx, it restricts me, but it will not stop people who are using the
> nat.
>
> I have tried using eth+ as well, I am really not that picky I just would
> like to block access to or traffic coming from certain web sites.
>
> Thank you,
>
> David
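
The chain selection described in the reply, as an added example that is not part of the original thread: a simplified Python model of which filter chain a packet traverses on the gateway, evaluated against the five posted rules and against equivalent rules placed in FORWARD. The IP addresses, the eth0 = LAN / eth1 = WAN roles, the ACCEPT default policy and all names in the code are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed addresses (assumptions, not from the thread).
GATEWAY_ADDRS = {ip_address("192.168.1.1"), ip_address("203.0.113.10")}
SITE = ip_address("198.51.100.80")       # stand-in for the blocked site's resolved IP
LAN_CLIENT = ip_address("192.168.1.50")  # a host behind the NAT

@dataclass(frozen=True)
class Rule:                # every rule here has target DROP, as in the thread
    chain: str
    src: object = None     # None means "match anything"
    dst: object = None
    in_if: object = None
    out_if: object = None

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    in_if: object = None   # None: generated on the gateway itself
    out_if: object = None  # None: delivered to the gateway itself

def chain_for(pkt):
    """Pick the filter chain a packet traverses on the gateway."""
    if pkt.in_if is None and pkt.src in GATEWAY_ADDRS:
        return "OUTPUT"
    if pkt.dst in GATEWAY_ADDRS:
        return "INPUT"
    return "FORWARD"

def verdict(pkt, rules):
    """DROP if any rule in the packet's chain matches, else ACCEPT (assumed default policy)."""
    chain = chain_for(pkt)
    for rule in rules:
        if rule.chain == chain and all(
            getattr(rule, f) in (None, getattr(pkt, f))
            for f in ("src", "dst", "in_if", "out_if")
        ):
            return "DROP"
    return "ACCEPT"

# The five rules from the quoted message; eth0 = LAN and eth1 = WAN is an assumption.
POSTED = [
    Rule("INPUT", dst=SITE, in_if="eth0"), Rule("OUTPUT", dst=SITE, out_if="eth1"),
    Rule("OUTPUT", dst=SITE), Rule("INPUT", src=SITE), Rule("INPUT", dst=SITE),
]
FORWARD_FIX = [Rule("FORWARD", dst=SITE), Rule("FORWARD", src=SITE)]

from_gateway = Packet(src=ip_address("203.0.113.10"), dst=SITE, out_if="eth1")  # lynx on the box
from_client = Packet(src=LAN_CLIENT, dst=SITE, in_if="eth0", out_if="eth1")     # NATed user

if __name__ == "__main__":
    print(verdict(from_gateway, POSTED), verdict(from_client, POSTED),
          verdict(from_client, POSTED + FORWARD_FIX))  # DROP ACCEPT DROP
```

On a real gateway the FORWARD entries would be written like the posted rules with the chain name changed; a hostname given to `-d` or `-s` is resolved once, when the rule is inserted.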
