[CentOS] Blocking an IP address both as source and destination

Mon Apr 25 16:18:08 UTC 2011
Stephen Harris <lists at spuddy.org>

On Mon, Apr 25, 2011 at 06:03:29PM +0200, Alexander Farber wrote:
> Hello,
> 
> how do you block incoming AND outgoing traffic to a site?
> 
> I have 2 drop lines for a site in my /etc/sysconfig/iptables:
> 
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [294:35064]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -s xx.xx.xx.0/24 -j DROP
> -A INPUT -d xx.xx.xx.0/24 -j DROP
> -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,8080 -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/min --limit-burst 2 -j ACCEPT
> COMMIT
> 
> but for some reason still can "ping xx.xx.xx.1" and
> "ssh xx.xx.xx.1" prints
> "ssh: connect to host xx.xx.xx.1 port 22: Connection refused"
> immediately, which probably means my packets aren't dropped at all.

To block outgoing traffic (traffic originating on this host destined
for another machine) you need to add rules to the OUTPUT filter.

-- 

rgds
Stephen
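As an added example, not code from either poster: the script below rebuilds the ruleset from the original mail with the two-direction block done the way Stephen describes (a `-s` DROP in INPUT plus a `-d` DROP in OUTPUT), and adds a small audit function that checks a saved ruleset for both rules. It uses 192.0.2.0/24 as a placeholder for the poster's xx.xx.xx.0/24; the function names and the audit logic are this example's own, not anything from CentOS or iptables.

```shell
#!/bin/sh
# Added example (not from the thread): build and audit an iptables ruleset
# that blocks a network as source (INPUT) and as destination (OUTPUT).
# 192.0.2.0/24 below is a placeholder standing in for the poster's xx.xx.xx.0/24.

# Print the two rule lines that block NET in both directions.
# A "-A INPUT -d NET" rule, as in the original post, never matches: INPUT only
# sees packets addressed to this host, so the remote network is never the
# destination there. Outbound traffic has to be stopped in OUTPUT.
block_rules() {
    net="$1"
    printf '%s\n' \
        "-A INPUT -s $net -j DROP" \
        "-A OUTPUT -d $net -j DROP"
}

# Emit a complete iptables-restore file based on the poster's ruleset, with the
# block rules placed first so they are evaluated before the
# RELATED,ESTABLISHED accept (otherwise replies to connections this host
# started would still be let in by that accept).
build_ruleset() {
    net="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
$(block_rules "$net")
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/min --limit-burst 2 -j ACCEPT
COMMIT
EOF
}

# Audit a saved ruleset read from stdin. Returns 0 only if NET is dropped as
# source in INPUT and as destination in OUTPUT, and the INPUT drop comes
# before the RELATED,ESTABLISHED accept in that chain.
audit_ruleset() {
    net="$1"
    rules=$(cat)
    line_of() { printf '%s\n' "$rules" | grep -nF -- "$1" | cut -d: -f1 | head -n 1; }
    in_drop=$(line_of "-A INPUT -s $net -j DROP")
    out_drop=$(line_of "-A OUTPUT -d $net -j DROP")
    in_est=$(line_of "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT")

    [ -n "$in_drop" ]  || { echo "missing: INPUT drop for source $net"; return 1; }
    [ -n "$out_drop" ] || { echo "missing: OUTPUT drop for destination $net"; return 1; }
    if [ -n "$in_est" ] && [ "$in_drop" -gt "$in_est" ]; then
        echo "INPUT drop for $net is after the RELATED,ESTABLISHED accept; reply packets would still be accepted"
        return 1
    fi
    echo "ok: $net is dropped in both directions"
}

# Usage (placeholder network; nothing here touches the live firewall):
#   build_ruleset 192.0.2.0/24 | audit_ruleset 192.0.2.0/24
# Review the output, then as root save it to /etc/sysconfig/iptables and
# restart the iptables service to load it.
```

The audit also explains what the poster saw: with `:OUTPUT ACCEPT` and no OUTPUT rule, the outgoing ICMP echo and SSH SYN left the host unhindered, and the replies (echo reply, TCP RST) matched the RELATED,ESTABLISHED accept, which sits above the `-s` DROP in the original ruleset, so neither direction was actually filtered.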