
I'm not able to drop traffic incoming from my local network to a specific IP address.

Here is my network:

LAN 172.16.0.0/16 -> (eth1) Debian Router/Iptable (eth0) -> DMZ 192.168.0.0/24 -> ISP Router -> Internet

Debian Router/Iptable setup:

eth0 192.168.0.1/24
gateway 192.168.0.254 (ISP Router)
eth1 172.16.0.1/16

ipv4 forward enabled

iptables -t filter -A INPUT -d 123.123.123.123/32 -j DROP # destination ip denied
iptables -t nat -A POSTROUTING -j MASQUERADE

There are no other rules, and since -d 123.123.123.123 -j DROP is configured I don't understand how my computers are able to ping/access 123.123.123.123.

Computer network configuration:

eth0 172.16.0.2/16
gateway 172.16.0.1
dns 8.8.8.8

Am I doing anything wrong? Thanks.

Kara
Arka

1 Answer

My filter rule was applied on the wrong chain, here is how I solved my issue:

iptables -t filter -A FORWARD -d 123.123.123.123/32 -j DROP # destination ip denied
Arka
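To make the INPUT-versus-FORWARD distinction behind the accepted answer concrete, here is a small added shell model of how netfilter picks the filter chain for a packet arriving on the router. It is not part of the original question or answer and does not touch iptables at all; the router addresses (192.168.0.1 on eth0, 172.16.0.1 on eth1) are taken from the question, the rule lists and the /24 rule in the usage below are constructed for illustration, and the chain policy is assumed to be ACCEPT, as in the question where no policy was changed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): a model of netfilter chain
# selection on a forwarding router. Router addresses come from the question;
# everything else is constructed for illustration.
ROUTER_ADDRS="192.168.0.1 172.16.0.1"

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_match ADDR NET[/PREFIX] -> exit 0 if ADDR lies inside NET/PREFIX.
# A bare address is treated as /32, exactly as iptables does.
cidr_match() {
    local addr net prefix mask
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    prefix=${2#*/}
    [ "$prefix" = "$2" ] && prefix=32
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Which filter chain does a packet that arrives on the router traverse?
# With ip_forward enabled, a packet addressed to one of the router's own
# addresses goes to INPUT; anything else is routed and only sees FORWARD.
chain_for_packet() {
    local dst=$1 a
    for a in $ROUTER_ADDRS; do
        [ "$a" = "$dst" ] && { echo INPUT; return; }
    done
    echo FORWARD
}

# verdict "RULES" DST -> target of the first matching rule in the chain the
# packet traverses, or the chain policy (assumed ACCEPT) if none matches.
# RULES is newline-separated lines of the form: CHAIN DST_NET TARGET
verdict() {
    local rules=$1 dst=$2 chain rchain rnet rtarget
    chain=$(chain_for_packet "$dst")
    while read -r rchain rnet rtarget; do
        [ -z "$rchain" ] && continue
        [ "$rchain" = "$chain" ] || continue
        if cidr_match "$dst" "$rnet"; then
            echo "$rtarget"
            return
        fi
    done <<EOF
$rules
EOF
    echo ACCEPT
}

# The rule as first written in the question (wrong chain) and as fixed.
WRONG_RULES="INPUT 123.123.123.123/32 DROP"
RIGHT_RULES="FORWARD 123.123.123.123/32 DROP"

# A LAN host (172.16.0.2) pinging 123.123.123.123 through the router:
echo "chain traversed: $(chain_for_packet 123.123.123.123)"   # FORWARD
echo "INPUT rule:      $(verdict "$WRONG_RULES" 123.123.123.123)"   # ACCEPT (rule never consulted)
echo "FORWARD rule:    $(verdict "$RIGHT_RULES" 123.123.123.123)"   # DROP
# The same host sending a packet to the router's own LAN address hits INPUT:
echo "to router:       $(chain_for_packet 172.16.0.1)"   # INPUT
```

On a real box the equivalent check is the packet counters: `iptables -t filter -L FORWARD -v -n` (and `-L INPUT -v -n`) shows how many packets each rule has matched, so a rule whose counter stays at zero while the LAN keeps reaching the address is a strong hint it sits in the wrong chain. Two caveats the model reflects: the MASQUERADE rule in nat POSTROUTING runs after filter FORWARD, so matching on the original destination address in FORWARD is correct, and traffic the router itself originates traverses OUTPUT, not INPUT or FORWARD, so it is not covered by either rule in the question.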