[CentOS] firewall help request

Tue Jun 16 19:21:10 UTC 2020
david <david at daku.org>

Folks

I'm struggling with my firewall settings, and would appreciate some help.

I have a gateway machine (currently CentOS 7 with IPv4 only) with two 
NICs.  One is connected to the internet, the other to an internal 
network (10.0.0.0/24) of mixed hardware (Windows 7, Android tablets, 
Android phones, Linux boxes) using NAT.  I wish to block all outgoing 
connections to any external IP address on port 22 (ssh) originating from 
any internal machine except one (which has a known internal IP address).

I've tried some commands using 'iptables' to accomplish this, but so 
far have failed.  If anyone has a suggestion, I'd really appreciate 
it.  In addition, a suitable version for 'firewalld' could be useful, 
as an upgrade to CentOS 8 is in plan.

Examples of what I've tried, and then tested.  None of them stopped 
an outgoing SSH from an internal system.

   iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP
   iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP

Much thanks

David
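
The following is an added example, not part of David's post or of any reply on the list. The rules he tried target the INPUT chain, which only sees packets addressed to the gateway itself; traffic a LAN host sends toward the internet is routed through the gateway and therefore traverses the FORWARD chain. The script below emits the two FORWARD rules that implement the stated policy (one exception host allowed, everyone else on 10.0.0.0/24 refused) for iptables on CentOS 7, and the same pair through the firewalld direct interface for CentOS 8, plus a small check that the exception sits above the block. The LAN-side interface name (eth1) and the exempted host address (10.0.0.5) are assumptions, since the post does not give them; override them through the environment.

```shell
#!/bin/sh
# Added example, not from the original post. Blocks outbound SSH (tcp/22)
# from the LAN for every host except one, on an IPv4 NAT gateway.
#
# Why the posted rules did nothing: packets a LAN host sends toward the
# internet are routed through the gateway, so they traverse the FORWARD
# chain. INPUT only sees packets addressed to the gateway itself.
#
# Assumed values (not given in the post): the LAN-side NIC is eth1 and the
# exempted host is 10.0.0.5. Override with environment variables.

LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-10.0.0.0/24}"
ALLOWED_HOST="${ALLOWED_HOST:-10.0.0.5}"

# iptables (CentOS 7): the exception must sit ABOVE the block, so both are
# inserted at fixed positions at the top of FORWARD. Matching only NEW
# connections leaves established flows alone; REJECT with a TCP RST makes
# the client fail at once instead of hanging until its connect timeout.
iptables_rules() {
    printf '%s\n' \
      "iptables -I FORWARD 1 -i $LAN_IF -s $ALLOWED_HOST -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT" \
      "iptables -I FORWARD 2 -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset"
}

# firewalld (CentOS 8): the same two rules through the direct interface,
# which places them in FORWARD_direct, evaluated before the zone chains.
# Lower priority number is evaluated first, so ACCEPT gets 0, REJECT gets 1.
firewalld_rules() {
    printf '%s\n' \
      "firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i $LAN_IF -s $ALLOWED_HOST -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT" \
      "firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 1 -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset" \
      "firewall-cmd --reload"
}

# Sanity check on a generated rule set (passed as one string): no rule may
# target INPUT, and the first ACCEPT must come before the first REJECT.
# Returns 0 when the set is ordered as intended, 1 otherwise.
check_rules() {
    rules="$1"
    echo "$rules" | grep -q -- 'INPUT' && return 1
    accept_line=$(echo "$rules" | grep -n -- '-j ACCEPT' | head -1 | cut -d: -f1)
    reject_line=$(echo "$rules" | grep -n -- '-j REJECT' | head -1 | cut -d: -f1)
    [ -n "$accept_line" ] && [ -n "$reject_line" ] && [ "$accept_line" -lt "$reject_line" ]
}

case "${1:-show}" in
    show)  iptables_rules; echo; firewalld_rules ;;
    apply) iptables_rules | sh -e ;;   # run as root on the CentOS 7 gateway
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Two caveats a practitioner would want. First, rules added with `iptables -I` live only until the next reboot or firewall reload; to keep them, save them with the iptables-services package (`service iptables save`), or, if firewalld is what manages the CentOS 7 box (it is the default there), use the `firewall-cmd --direct` form instead of raw iptables so the rules survive a reload. Second, this matches destination port 22 only: a user who points ssh at a server listening on 443 or 2222 is not caught, so treat the rule as enforcing policy for the common case rather than as a hard egress control.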