On Tue, Jun 16, 2020 at 12:26 PM david <david at daku.org> wrote:

> Examples of what I've tried, and then tested. None of them stopped
> an outgoing SSH from an internal system.
>
> iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP
> iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP

which interface is that bound to? I don't see a -i eth0 or whatever, but you want that rule on your LAN interface.

note these rules will also prevent any host on 10.0.0.0/24 from ssh'ing to the gateway machine itself.

--
-john r pierce
  recycling used bits in santa cruz
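
An added illustration, not part of the thread: a small Python model of how netfilter selects the filter chain on a routing gateway, run against the quoted INPUT rule and against the same match placed on FORWARD with an input interface. The gateway addresses, the packets, `eth0` as the LAN interface and the ACCEPT default policy are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values: the gateway's own LAN and WAN addresses.
GATEWAY_ADDRS = {"10.0.0.1", "203.0.113.1"}

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str            # interface the packet arrived on

@dataclass
class Rule:
    chain: str               # "INPUT" or "FORWARD"
    src_net: str             # -s
    dport: int               # --dport (tcp assumed)
    in_iface: Optional[str] = None   # -i; None matches any interface

def chain_for(pkt: Packet) -> str:
    """Packets addressed to the gateway traverse INPUT; packets it
    routes on to another host traverse FORWARD instead."""
    return "INPUT" if pkt.dst in GATEWAY_ADDRS else "FORWARD"

def verdict(rules: list, pkt: Packet) -> str:
    chain = chain_for(pkt)
    for r in rules:
        if (r.chain == chain
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src_net)
                and pkt.dport == r.dport
                and r.in_iface in (None, pkt.in_iface)):
            return "DROP"
    return "ACCEPT"          # assumed default policy

# Constructed packets from an internal host arriving on the LAN side (eth0 assumed).
ssh_out = Packet("10.0.0.50", "198.51.100.7", 22, "eth0")   # SSH routed to the outside
ssh_gw = Packet("10.0.0.50", "10.0.0.1", 22, "eth0")        # SSH to the gateway itself

quoted_rule = [Rule("INPUT", "10.0.0.0/24", 22)]             # rule from the quoted message
forward_rule = [Rule("FORWARD", "10.0.0.0/24", 22, "eth0")]  # same match, FORWARD chain, LAN iface

if __name__ == "__main__":
    for name, rules in (("INPUT rule", quoted_rule), ("FORWARD rule", forward_rule)):
        print(name, "| outgoing:", verdict(rules, ssh_out), "| to gateway:", verdict(rules, ssh_gw))
```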