hi!
I want to deny the client-computers behind my router to access some special domains/ip-addresses in the internet. I tried something like "ipchains -A input -d xxx.yyy.zzz.xxx -p tcp -j DENY" and "ipchains -A input -s xxx.yyy.zzz.xxx -p tcp -j DENY" but it didn't work... What can I do to deny access?
ipchains -A input -p all -s [your.domain/netmask] -d aaa.bbb.ccc.ddd/netmask -i [internal eth] -j DENY -l This rule checks packet where it is coming from and where it is going to. The -i internal interface specifies the network adapter on which the packet should be dropped and the -j DENY denies (of course) the packet. The -l is "turn logging on" for you to see whether your rule works. As soon as you see that it works you disable -l if you don't want ipchains logging these events. HTH Philipp