Kevin, your example shows the OUTPUT chain in the filter table (the default), not in the nat table (which has to be explicitly stated). As far as I can make out these two OUTPUT chains are quite different, and I am wondering why there is the provision to use both.
On Sun, 2 Dec 2001, Kevin Waterson wrote:

> Howard Lowndes wrote:
>
> > In iptables, what is the purpose of the OUTPUT chain in the nat table?
> > Does anyone have an example of where you might use it?
>
> you can Mangle Nat or Filter with the OUTPUT chain.
> if you wish to stop outward bound telnet connections you could
> iptables -A OUTPUT -p tcp --destination-port telnet -j DROP
>
> This can also be handy if you have an internal network full of MS
> machines that like to report back "home" with your MAC IP address
> and info about your P3/P4 processor and any other info it sends.
>
> enjoy
> Kevin
>

--
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
"We are either doing something, or we are not.
'Talking about' is a subset of 'not'."

--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
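
The two OUTPUT chains discussed in this thread, side by side, as an added example that is not part of the original messages: the filter rule is the one quoted above, and the nat rules show destination rewriting for traffic generated on the firewall host itself. The `IPT` dry-run variable, the proxy port and user, and the DNS address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: the rules are
# printed, not applied. Run as root with IPT=iptables to install them.
IPT="${IPT:-echo iptables}"

# Assumed values, for illustration only.
PROXY_PORT=3128          # hypothetical local proxy listening on this host
PROXY_USER=proxy         # hypothetical account the proxy runs as
DNS_SERVER=192.0.2.53    # documentation-range address (RFC 5737)

# filter/OUTPUT: accept-or-drop decision on locally generated packets.
# This is the rule quoted in the thread; "-t filter" is the implied default.
filter_output_rules() {
    $IPT -t filter -A OUTPUT -p tcp --destination-port telnet -j DROP
}

# nat/OUTPUT: rewrite the destination of locally generated packets.
# nat/PREROUTING only sees packets arriving on an interface, so traffic
# that originates on this host needs its DNAT/REDIRECT rules here.
nat_output_rules() {
    # Send this host's own web requests to the local proxy. The proxy's
    # own upstream requests are excluded, otherwise they would loop.
    $IPT -t nat -A OUTPUT -p tcp --dport 80 \
        -m owner ! --uid-owner "$PROXY_USER" \
        -j REDIRECT --to-ports "$PROXY_PORT"
    # Force this host's DNS queries to one resolver, whatever server
    # the local application asked for.
    $IPT -t nat -A OUTPUT -p udp --dport 53 \
        -j DNAT --to-destination "$DNS_SERVER:53"
}

filter_output_rules
nat_output_rules
```

The filter rule can only pass or drop a packet, while the nat rules change where it goes; that is why both tables have an OUTPUT chain.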