Trying to block outgoing traffic to IP

Discussion in 'Tomato Firmware' started by mikester, Apr 8, 2008.

  1. mikester

    I have added the following line to Admin -> Scripts -> Firewall:

    iptables -A OUTPUT -d -j DROP

    in order to block all outgoing traffic to a specific IP.

    It doesn't appear to work as I can still ping the IP. I'm on Tomato 1.17.

    Any ideas or solutions?
  2. mikester

    iptables -I FORWARD -d -j DROP
  3. bripab007

    So was that line in your 2nd post the fix?
  4. RonWessels

    As you obviously found out, the OUTPUT chain is only used for packets originating on the router itself, and is not used for packets forwarded through the router. Putting it in the FORWARD chain works for packets forwarded from the LAN. However, the FORWARD chain is not used for packets originating on the router, so you can still access the restricted IP from the router itself.

    Inserting it into the POSTROUTING chain will catch both forwarded packets and packets that originate on the router.

    Check out this link to see how the various chains are traversed for different packets.
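
The FORWARD/OUTPUT split described in this thread, as a Firewall-script sketch added here (not code from any poster): it puts the same DROP rule in both filter chains so LAN clients and the router itself are covered, and it is safe to re-run. `BLOCK_IP`, `DRY_RUN` and the function names are assumptions of this example; the address is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. BLOCK_IP is a constructed placeholder
# (TEST-NET-1 documentation range); replace it with the address to block.
BLOCK_IP="${BLOCK_IP:-192.0.2.10}"
# Assumption: DRY_RUN=1 (default) only prints the commands; set DRY_RUN=0
# on the router to apply them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$@"; else "$@"; fi
}

# Accept only a dotted-quad IPv4 address so nothing else reaches iptables.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

block_dest() {
    ip="$1"
    if ! is_ipv4 "$ip"; then
        echo "refusing to add rule: '$ip' is not an IPv4 address" >&2
        return 1
    fi
    # FORWARD: packets routed through the router from LAN clients.
    # OUTPUT: packets generated on the router itself.
    for chain in FORWARD OUTPUT; do
        # Remove the copy left by an earlier run so rules do not pile up
        # each time the firewall script is re-executed.
        run iptables -D "$chain" -d "$ip" -j DROP 2>/dev/null || true
        # Insert at the top so the DROP is evaluated before any ACCEPT rule.
        run iptables -I "$chain" -d "$ip" -j DROP || return 1
    done
}

block_dest "$BLOCK_IP"
```

After applying it, `iptables -L FORWARD -n -v` and `iptables -L OUTPUT -n -v` show the per-rule packet counters, which confirm whether traffic is actually hitting each DROP rule.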
