28 Apr 2004, 04:52
Hello Andreas,
> Well, now I did, and an IPTABLES -A OUTPUT -j REJECT -d www.x.de in
> fw_custom_before_antispoofing()

You will need rules like this:

iptables -A FORWARD -s IP_OF_NAT_BOX_1 -d IP_OF_DESTINATION -j DROP/REJECT
iptables -A FORWARD -s IP_OF_NAT_BOX_2 -d IP_OF_DESTINATION -j DROP/REJECT

INPUT and OUTPUT are for the NAT box (router/firewall) itself, and FORWARD is for the traffic routed through your NAT box (router/firewall).

> prevents at least lynx on the NAT box itself from reaching those sites. I did it remotely, so I can't actually check if the LAN boxes can still get through.
> I've got to admit that I don't have a clue about IPTABLES and let SuSEfirewall2 do its magic.
> Thanks :) Andreas
Regards, Chris.
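
The OUTPUT/FORWARD split described in the reply above, as an added example that is not part of the original thread: one helper that blocks a destination both for the firewall itself and for the LAN boxes routed through it. The function name `block_dest`, the `IPT` variable and all addresses are assumptions made for illustration; by default it only prints the rules.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses are constructed
# documentation values (RFC 5737 / RFC 1918).

# IPT is the command prefix. The default is a dry run that only prints the
# rules; set IPT=iptables (as root) to apply them instead.
IPT="${IPT:-echo iptables}"

# block_dest DEST SRC...
#   DEST  destination IP to block. Use an IP address: a hostname given to -d
#         is resolved once, when the rule is inserted, not per packet.
#   SRC   LAN source addresses (or networks) behind the NAT box.
block_dest() {
    dest="$1"
    [ -n "$dest" ] || { echo "usage: block_dest DEST SRC..." >&2; return 2; }
    shift

    # Packets generated on the firewall itself (e.g. lynx run on the box)
    # traverse the OUTPUT chain.
    $IPT -A OUTPUT -d "$dest" -j REJECT || return 1

    # Packets from LAN boxes that are routed through the firewall never see
    # OUTPUT; they traverse FORWARD, so each source needs a rule there.
    for src in "$@"; do
        $IPT -A FORWARD -s "$src" -d "$dest" -j REJECT || return 1
    done
}

# Dry run with constructed sample values: one blocked destination and two
# LAN boxes behind the NAT router.
block_dest 203.0.113.10 192.168.1.20 192.168.1.21
```

After applying the rules for real, `iptables -L FORWARD -v -n` shows per-rule packet counters, which confirms whether LAN traffic is actually matching.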