search for: nerdalert

...ill >be passed on to the Internet, so your rule needs to be in the >FORWARD chain. (The OUTPUT chain affects packets that originate at >your machine.) > >Here's a nice collection of diagrams showing how packets flow >through the system: > ><https://gist.github.com/nerdalert/a1687ae4da1cc44a437d> Ah ... Caught it. So here is the IPTABLES method to block output on port 22 from internal machines on a gateway: iptables -I FORWARD -p tcp --dport 22 -i {name-of-internal-interface} -j DROP So, for example, if your internal interface is, for example, /dev/enp2s0...

Folks I'm struggling with my firewall settings, and would appreciate some help. I have a gateway machine (currently Centos 7 with IPV4 only) with two NICs. One is connected to the internet, the other to an internal network (10.0.0.0/24) of mixed hardware (windows7, android tablets, android phones, linux boxes) using NAT. I wish to block all outgoing connects to any external IP address

...You want to block packets that will be passed on to the Internet, so your rule needs to be in the FORWARD chain. (The OUTPUT chain affects packets that originate at your machine.) Here's a nice collection of diagrams showing how packets flow through the system: <https://gist.github.com/nerdalert/a1687ae4da1cc44a437d>