[LARTC] Not routing for 1 host?
Dmytro O. Redchuk
dor at ldc.net
Tue Apr 4 09:09:03 CEST 2006
On Tue, Apr 04, 2006 at 08:55:37AM +0200, Joost Kraaijeveld wrote:
> Hi,
>
> I want to stop routing for 1 particular host in my network. I thought that this would do it:
>
> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
>
> But that still shows traffic. What is the correct way to do that?
If you'd like to do it in this way -- use FORWARD instead of INPUT.
Forwarded traffic never travels through the INPUT/OUTPUT chains.
The same but better, possibly:
#
iptables -I FORWARD 1 -i <input_iface> -s aaa.bbb.ccc.ddd -j DROP
# if host is not being NAT'ed:
iptables -I FORWARD 1 -i <output_iface> -d aaa.bbb.ccc.ddd -j DROP
Start with this, and read the manual :-)
(You shouldn't use `-D' above anyway)
You could use policy routing, too, I guess.
>
> Groeten,
>
> Joost Kraaijeveld
> Askesis B.V.
> Molukkenstraat 14
> 6524NB Nijmegen
> tel: 024-3888063 / 06-51855277
> fax: 024-3608416
> e-mail: J.Kraaijeveld at Askesis.nl
> web: www.askesis.nl
--
_,-=._ /|_/|
`-.} `=._,.-=-._., @ @._,
`._ _,-. ) _,.-'
` G.m-"^m`m' Dmytro O. Redchuk
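
An added example, not part of the original message: a simplified Python model of the filter-table routing decision the reply describes, showing why rules in INPUT never see forwarded packets and that the FORWARD rules still leave the router's own addresses reachable from the host. The addresses (192.0.2.10 standing in for aaa.bbb.ccc.ddd), the interface names eth0/eth1 and the Rule/verdict helpers are assumptions made for illustration; NAT and connection tracking are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (assumptions, not from the original message).
HOST = "192.0.2.10"                           # stands in for aaa.bbb.ccc.ddd
ROUTER_ADDRS = {"192.0.2.1", "198.51.100.1"}  # addresses owned by the router
REMOTE = "203.0.113.5"                        # some host beyond the router

@dataclass(frozen=True)
class Rule:
    chain: str
    target: str
    src: Optional[str] = None
    dst: Optional[str] = None
    in_iface: Optional[str] = None

    def matches(self, pkt: dict) -> bool:
        return ((self.src is None or pkt["src"] == self.src)
                and (self.dst is None or pkt["dst"] == self.dst)
                and (self.in_iface is None or pkt["in"] == self.in_iface))

def verdict(pkt: dict, rules: list, policy: str = "ACCEPT") -> tuple:
    """Return (chain traversed, verdict) for a packet arriving at the router."""
    # Routing decision: local destination -> INPUT, anything else -> FORWARD.
    chain = "INPUT" if pkt["dst"] in ROUTER_ADDRS else "FORWARD"
    for rule in rules:  # first matching rule in that chain wins
        if rule.chain == chain and rule.matches(pkt):
            return chain, rule.target
    return chain, policy

# The rules the question meant to add (in INPUT) and the reply's FORWARD rules.
INPUT_RULES = [Rule("INPUT", "DROP", dst=HOST), Rule("INPUT", "DROP", src=HOST)]
FORWARD_RULES = [Rule("FORWARD", "DROP", src=HOST, in_iface="eth0"),
                 Rule("FORWARD", "DROP", dst=HOST, in_iface="eth1")]

OUTBOUND = {"src": HOST, "dst": REMOTE, "in": "eth0"}        # host -> outside
REPLY = {"src": REMOTE, "dst": HOST, "in": "eth1"}           # outside -> host
TO_ROUTER = {"src": HOST, "dst": "192.0.2.1", "in": "eth0"}  # host -> router

if __name__ == "__main__":
    for name, pkt in [("outbound", OUTBOUND), ("reply", REPLY),
                      ("to router", TO_ROUTER)]:
        print(name, "| INPUT rules:", verdict(pkt, INPUT_RULES),
              "| FORWARD rules:", verdict(pkt, FORWARD_RULES))
```

On a real router, the per-rule packet counters in `iptables -L FORWARD -v -n` show whether the inserted rules are actually matching.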