[tclug-list] iptable rule

[Jeffrey Lehman]

admin at lctn.org wrote:
>> I don't know how IPCop sets up firewall rules, so which chain you add
>> the rule to will be determined by the logical layout of ACCEPT and DROP
>> rules.  Essentially, you want to find the egress chain for the external
>> interface and do one of the following:
>>
>> 	  # accept outgoing traffic to specific IP
>> 	  iptables -A OUTPUT -j ACCEPT -o EXTIF -s 172.21.6.0/24 -d IPADDRESS
>>
>> 	  # Drop all other traffic
>> 	  iptables -A OUTPUT -j DROP -o EXTIF -s 172.21.6.0/24
>>
>>     
>
> This is what I am getting with the suggested rules. I have tried a few
> variations, but am getting similar errors. I have not found the answer in
> the "help" file.
>
> /sbin/iptables -A CUSTOMOUTPUT -j DROP -o $RED_DEV  -s 172.21.6.0/24
> Warning: wierd character in interface `-s' (No aliases, :, ! or *).
> Bad argument `172.21.6.0/24'
> Try `iptables -h' or 'iptables --help' for more information.
>
>
>   
Try rearranging the arguments to the following.

/sbin/iptables -A CUSTOMOUTPUT -o $RED_DEV -s 172.21.6.0/24 -j DROP


Jeff