OpenWrt Forum Archive

Topic: How to prevent outgoing traffic from specific host

The content of this topic has been archived on 22 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I want to be able to block the traffic from a specific host on the network ("turn off the internet access").

Before I had the rule that worked:
iptables -A input_rule -s 192.168.1.206 -j REJECT

The following doesn't seem to work (in /etc/config/firewall):

config rule
        option dest wan
        option proto tcp
        option src_ip 192.168.1.100 (the ip of the computer in question)
        option target REJECT

It doesn't block this IP from getting onto the internet. I also tried by MAC, and opt src lan (instead of dest wan), and with quotes - doesn't make any difference.

PS. I know that I asked this question a few weeks ago. I suspect that the subject was somewhat unrelated, therefore I am reposting with a better one, rather than bumping the old one.

TIA

Internet isn't passing the input rule but the forwarding chain.

INPUT is traffic which is for the router.
FORWARDING is traffic that passes the router but isn't for the router.
Output is like the input but in the other direction.

belrpr, thank you for your response.

I am fairly new to this stuff; can you please elaborate how this is relevant to my question?

BTW, I had a typo in my original question. The actual content of the config section in /etc/config/firewall is

config rule
        option dest wan
        option proto tcp
        option src_ip 192.168.1.206 (the ip of the computer in question)
        option target DROP
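
The input/forward/output distinction from the reply above, applied to the rule stanzas in this thread (an added example, not part of the original posts). It assumes the src/dest semantics documented for OpenWrt's fw3 firewall, where a rule naming both `src` and `dest` matches forwarded traffic, `src` alone matches input and `dest` alone matches output; the function names are hypothetical and the third stanza is constructed.

```python
import shlex

# Constructed input: the two stanzas described in the thread plus a variant
# that names both zones. Zone names lan/wan are the OpenWrt defaults.
SAMPLE = """
config rule                       # as posted: dest only
        option dest wan
        option proto tcp
        option src_ip 192.168.1.206
        option target DROP
config rule                       # variant the poster tried: src only
        option src lan
        option proto tcp
        option src_ip 192.168.1.206
        option target DROP
config rule                       # both zones, every protocol
        option src lan
        option dest wan
        option proto all
        option src_ip 192.168.1.206
        option target REJECT
"""

def parse_rules(text):
    """Return one {option: value} dict per 'config rule' stanza."""
    rules, current = [], None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if tokens[:1] == ["config"]:
            current = {} if tokens[1:2] == ["rule"] else None
            if current is not None:
                rules.append(current)
        elif tokens[:1] == ["option"] and current is not None and len(tokens) >= 3:
            current[tokens[1]] = tokens[2]
    return rules

def direction(rule):
    """Assumed fw3 mapping: src+dest=forward, src only=input, otherwise output."""
    if rule.get("src") and rule.get("dest"):
        return "forward"
    return "input" if rule.get("src") else "output"

def review(rule):
    """Findings for a rule that is meant to cut a LAN host off from the WAN."""
    findings = []
    if direction(rule) != "forward":
        findings.append(f"matches {direction(rule)} traffic, not forwarded traffic")
    if rule.get("proto", "all") != "all":  # a missing proto is not flagged here
        findings.append(f"only proto {rule['proto']} is matched")
    return findings

if __name__ == "__main__":
    for rule in parse_rules(SAMPLE):
        print(direction(rule), review(rule) or "ok")
```

Both posted variants are reported as matching router-bound or router-originated traffic and as TCP-only, so UDP and ICMP from the host would pass even once the direction is right.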

The discussion might have continued from here.