** Reply to message from Brian <[EMAIL PROTECTED]> on Wed, 10 Apr 2002 18:52:43 -0700
> I have an iptables firewall version 1.2.5, I LOVE IPTABLES SO MUCH MORE
> THINGS YOU CAN DO. I have a small network off my eth0 interface
> 192.168.0.X network and my ppp0 is my DSL connection, with the current
> firewall how would I block someone going to the Internet from my eth0
> interface? I have tried many things here and had no luck.
>
> Both my INPUT and OUTPUT used a DROP policy by default and I am using
> NAT to route my traffic to the Internet.

<snip>

The best way to prevent somebody exiting your network is to use the MAC match module since the MAC address will be intact since it hasn't hit a router yet.

    /sbin/iptables -A FORWARD -i eth0 -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP

Of course, you will have to know the MAC address of your violator's ethernet card.

jb

--
Jack Bowling
mailto: [EMAIL PROTECTED]

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
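An added example, not part of the original post: a small shell helper that validates a MAC address and prints (does not apply) a drop rule for it. It assumes the LAN's Internet-bound traffic is forwarded by the firewall, so the rule goes in the FORWARD chain with `-i`, because the mac match only applies to packets entering PREROUTING, INPUT or FORWARD; the function names and the sample MAC are constructed for illustration.

```shell
#!/bin/sh
# Added example: build (not apply) an iptables rule that drops forwarded
# traffic from one LAN host, identified by its source MAC address.
LC_ALL=C; export LC_ALL

# normalize_mac MAC
# Prints MAC as upper-case XX:XX:XX:XX:XX:XX (the form iptables expects).
# Accepts ':' or '-' as separator; anything else fails with status 1.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'abcdef-' 'ABCDEF:')
    h='[0123456789ABCDEF][0123456789ABCDEF]'
    # case matches the whole string, so embedded newlines or
    # trailing junk cannot slip through.
    case "$mac" in
        $h:$h:$h:$h:$h:$h) printf '%s\n' "$mac" ;;
        *) return 1 ;;
    esac
}

# mac_block_rule IFACE MAC
# Prints the command line; review it, then run it as root.
mac_block_rule() {
    iface=$1
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    mac=$(normalize_mac "$2") || { echo "bad MAC address: $2" >&2; return 1; }
    # -I FORWARD 1 puts the DROP ahead of any existing ACCEPT rule for
    # the LAN; an appended (-A) rule after such an ACCEPT never matches.
    printf '/sbin/iptables -I FORWARD 1 -i %s -m mac --mac-source %s -j DROP\n' \
        "$iface" "$mac"
}

# Constructed sample: LAN interface eth0, locally administered MAC.
mac_block_rule eth0 02-00-00-aa-bb-01
```

A MAC address is set by the host itself, so a rule like this identifies a network card, not a user.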