On Mon, Apr 25, 2011 at 06:03:29PM +0200, Alexander Farber wrote:
Hello,
how do you block incoming AND outgoing traffic to a site?
I have 2 drop lines for a site in my /etc/sysconfig/iptables:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -d xx.xx.xx.0/24 -j DROP
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/min --limit-burst 2 -j ACCEPT
COMMIT
but for some reason I can still "ping xx.xx.xx.1", and "ssh xx.xx.xx.1" prints "ssh: connect to host xx.xx.xx.1 port 22: Connection refused" immediately, which probably means my packets aren't dropped at all.
To block outgoing traffic (traffic originating on this host destined for another machine) you need to add rules to the OUTPUT filter.
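As an added example (not from anyone in this thread), a POSIX shell check that reads an iptables-save dump and reports whether a network is dropped on INPUT, on OUTPUT, or both, then prints whichever DROP rule is still missing. The dump is constructed to mirror the ruleset quoted above, with the placeholder network 198.51.100.0/24 standing in for xx.xx.xx.0/24.

```shell
#!/bin/sh
# Constructed iptables-save dump modelled on the quoted ruleset (placeholder
# network 198.51.100.0/24). Note that "-A INPUT -d <remote net>" can never
# match: packets on INPUT are addressed to this host, not to the remote net.
RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 198.51.100.0/24 -j DROP
-A INPUT -d 198.51.100.0/24 -j DROP
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,8080 -j ACCEPT
COMMIT'

# has_drop CHAIN FLAG CIDR: succeeds if "-A CHAIN ... FLAG CIDR ... -j DROP" exists.
has_drop() {
    printf '%s\n' "$RULES" | grep -q -- "^-A $1 .*$2 $3 .*-j DROP$"
}

# block_status CIDR: prints blocked | inbound-only | outbound-only | open.
# Inbound means "-s CIDR" on INPUT; outbound means "-d CIDR" on OUTPUT.
block_status() {
    inb=open; outb=open
    has_drop INPUT  -s "$1" && inb=dropped
    has_drop OUTPUT -d "$1" && outb=dropped
    case "$inb,$outb" in
        dropped,dropped) echo blocked ;;
        dropped,open)    echo inbound-only ;;
        open,dropped)    echo outbound-only ;;
        *)               echo open ;;
    esac
}

# missing_rules CIDR: prints the DROP rule(s) the dump still needs, one per line.
missing_rules() {
    has_drop INPUT  -s "$1" || printf '%s\n' "-A INPUT -s $1 -j DROP"
    has_drop OUTPUT -d "$1" || printf '%s\n' "-A OUTPUT -d $1 -j DROP"
    return 0
}

# Stand-alone run: the quoted ruleset only drops inbound, so the OUTPUT rule is reported.
block_status 198.51.100.0/24
missing_rules 198.51.100.0/24
```

The reported "-A OUTPUT -d ... -j DROP" line goes into the *filter section before COMMIT; it also stops the host's own replies, so the earlier RELATED,ESTABLISHED accept on INPUT no longer matters for that network.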