debian as gatway block port from ip
I have a number of public ips behind a debian router connected to vms. I want a specific ip not to be able to use port 25 outgoing.
I have tried /sbin/iptables -A OUTPUT -o ens19 -p tcp --destination-port 25 -s xxx.xxx.xxx.xxx -j DROP along with several other combinations of command but I cannot get it to work. It will block outgoing ports on the router fine but not for systems behind it.
Solution 1:
OUTPUT
is from the machine itself, to block forwarded traffic you need FORWARD
as in:
iptables -A FORWARD -p tcp --dport 25 -s xxx.xxx.xxx.xxx -j DROP
Also skipping -o ens
since you probably want to block port 25 from that IP, regardless of which interface it goes out on, and also that there is several places in the tables that some information is not available, the less specification, the less that can go wrong.