[arch-general] IPSET and OUTPUT
Gioele Falcetti
thegio.f at gmail.com
Fri Jun 1 13:45:26 UTC 2018
On Fri, 1 Jun 2018, 14:47 siefke_listen at web.de, <siefke_listen at web.de>
wrote:
> Hello,
>
> I want to use ad blocking with iptables, so I found ipset, which makes life
> easier. My question is how does it work with Output format?
>
> iptables -I OUTPUT -m set --match-set adblock src -j REJECT
> will this work? I am not really sure, and most of what I found
> about ipset is input.
>
> Thanks for help
> Silvio
>
Since you want to block the destination IP, not the source IP, you should
use:
-A OUTPUT -m set --match-set adblock dst -j REJECT
I usually also add "--reject-with icmp-host-prohibited", that makes the
detection of the blocked host easier:
-A OUTPUT -m set --match-set adblock dst -j REJECT --reject-with icmp-host-prohibited
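
The setup discussed in this thread, as an added example that is not part of the original message: it builds `ipset restore` input from a blocklist and emits the `dst` rule for OUTPUT. The function names, the sample addresses (documentation ranges) and the `hash:ip` set type are assumptions; the set name `adblock` and the rule text come from the thread.

```shell
#!/bin/sh
# Added example: build the "adblock" set and the matching OUTPUT rule.
SET_NAME="adblock"   # set name used in the thread

# Constructed sample blocklist (RFC 5737 documentation addresses),
# including a duplicate and two invalid entries on purpose.
SAMPLE_LIST='# ad servers (constructed)
192.0.2.10
198.51.100.7
192.0.2.10
not-an-ip
203.0.113.300'

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Read a blocklist on stdin, print "ipset restore" input (deduplicated,
# invalid lines and comments dropped).
gen_ipset_restore() {
    printf 'create %s hash:ip family inet\n' "$SET_NAME"
    sort -u | while IFS= read -r addr; do
        if is_ipv4 "$addr"; then printf 'add %s %s\n' "$SET_NAME" "$addr"; fi
    done
}

# On OUTPUT the blocked host is the packet's destination, hence "dst".
gen_output_rule() {
    printf '%s\n' "-A OUTPUT -m set --match-set $SET_NAME dst -j REJECT --reject-with icmp-host-prohibited"
}

# Only touches the firewall when run as root with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    printf '%s\n' "$SAMPLE_LIST" | gen_ipset_restore | ipset -exist restore
    rule=$(gen_output_rule)
    iptables -C ${rule#-A } 2>/dev/null || iptables $rule   # add only once
    iptables -nvL OUTPUT   # packet counters on the rule show blocked attempts
fi
```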