
I have created an interface eth0:2 and I want to make curl requests from that interface only so I want to block all ports and incoming traffic on that interface.

This iptables rule used to work, but for some reason it doesn't anymore:

iptables -A FORWARD -i eth0:2 -j DROP

Hopefully someone can point me in the right direction.

Malez
  • You need to use the INPUT chain for incoming traffic: http://wiki.centos.org/HowTos/Network/IPTables – c4f4t0r Mar 17 '14 at 17:57
  • If you block all incoming traffic, by definition you aren't allowing any of the stuff you are retrieving in either... make *sure* you understand what you are doing here first. – vonbrand Mar 18 '14 at 17:36

1 Answer

It seems that incoming traffic is directly addressed to the machine itself, so it will hit the INPUT chain.

You should use the INPUT chain instead:

iptables -A INPUT -i eth0:2 -j DROP

The FORWARD chain is hit when traffic is routed from one interface to another.

krisFR
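Added example, not part of the question or the answer above: a script that builds INPUT rules dropping unsolicited traffic to the alias while still accepting replies to requests the host itself sent, which is the point raised in the second comment. It matches on the alias's address rather than on `-i eth0:2`, because iptables matches real device names, not alias labels; the address 192.0.2.10, the `ALIAS_IP`/`APPLY` variables and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# ALIAS_IP is a constructed placeholder (TEST-NET-1); use the address bound to eth0:2.
ALIAS_IP="${ALIAS_IP:-192.0.2.10}"

# Return 0 only for a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an iptables-restore fragment for the filter table.
# Rule order matters: replies to connections this host opened are accepted
# first, then everything else addressed to the alias IP is dropped.
build_rules() {
    ip=$1
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    cat <<EOF
*filter
-A INPUT -d $ip -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -d $ip -j DROP
COMMIT
EOF
}

# Dry run by default: print the rules. APPLY=1 (as root) loads them
# without flushing rules that already exist.
rules=$(build_rules "$ALIAS_IP") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | iptables-restore --noflush
else
    printf '%s\n' "$rules"
fi
```

Run it without `APPLY` first and read the printed rules; `iptables -L INPUT -v -n` afterwards shows per-rule packet counters, which confirm whether the ACCEPT and DROP rules are actually being hit.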