debian as gatway block port from ip

debian iptables ufw gateway

I have a number of public ips behind a debian router connected to vms. I want a specific ip not to be able to use port 25 outgoing.

I have tried /sbin/iptables -A OUTPUT -o ens19 -p tcp --destination-port 25 -s xxx.xxx.xxx.xxx -j DROP along with several other combinations of command but I cannot get it to work. It will block outgoing ports on the router fine but not for systems behind it.


Solution 1:

OUTPUT is from the machine itself, to block forwarded traffic you need FORWARD as in:

iptables -A FORWARD -p tcp --dport 25 -s xxx.xxx.xxx.xxx -j DROP

Also skipping -o ens since you probably want to block port 25 from that IP, regardless of which interface it goes out on, and also that there is several places in the tables that some information is not available, the less specification, the less that can go wrong.

Related

How to add CPU core licenses (I've already purchased) to Windows Server Standard 2019?
How to connect oracle database docker image
I'm not sure if basic auth on my server is being secured
How to solve "Bad Certificate" error on kubernetes pod?
How can I search across CloudWatch log groups on AWS?
How to monitor when a file/folder is moved, and where it moved to?
Redirect traffic from an interface to a VPN tun interface with iptables
How can I force a locked workstation to log off after a timeout?
My domain whois admin contact is pointing to a nonexistent email address
VMware - persistent "Host memory status" alarm in vSphere
SSH to 1 server from 2 different servers which have same hostname [closed]
Trying to resurrect 10 year old software - can't activate Windows Server 2008 R2 and problems with Activate by Phone