Correct rule in iptables?
There is a gateway on Ubuntu 16 and an internal network, 10.20.32.0/24. I need to prohibit traffic on the internal network between two PCs. Specifically, I need some host A to drop out of the network, and then contact me.
The rule iptables -A INPUT -s 10.20.32.233 -j DROP does not work, i.e. I can ping the gateway perfectly from this machine. Thanks in advance.
Packets between hosts on the same subnet do not reach iptables, but are processed directly on the switch. That is, iptables does not even know about their "communication".
If we are talking about the gateway, then the following command will partially help create the problem:
iptables -A FORWARD -s 10.20.32.233 -j DROP
To break the work on the local network, you need to read about the ARP protocol and use the arp spoofing methods wisely.
And pings from the gateway are possible due to the fact that the allowing rule is higher in the chain of rules. Put the drop higher and look at the result.
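Added example, not part of the original answer: a small Python model of first-match evaluation over `iptables -S INPUT` output, showing why a DROP appended with -A below a broader ACCEPT never decides the packet, while the same rule inserted with -I at position 1 does. Both rule listings are constructed, the `deciding_rule` helper and the `eth0` interface name are assumptions, and only `-s` and `-i` matches are modelled.

```python
import ipaddress
import shlex

# Constructed listing: the DROP was appended (-A) below a broader ACCEPT.
APPENDED = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.20.32.0/24 -j ACCEPT
-A INPUT -s 10.20.32.233/32 -j DROP
"""

# Constructed listing after `iptables -I INPUT 1 -s 10.20.32.233 -j DROP`.
INSERTED = """\
-P INPUT ACCEPT
-A INPUT -s 10.20.32.233/32 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.20.32.0/24 -j ACCEPT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def deciding_rule(rules_text, chain, src, in_iface="eth0"):
    """Return (rule_number, target, skipped) for a packet from src.

    rule_number 0 means the chain policy decided. Rules that use matches
    other than -s/-i are not evaluated; their numbers are listed in skipped
    so the caller knows the verdict is incomplete.
    """
    src_ip = ipaddress.ip_address(src)
    policy, number, skipped = "ACCEPT", 0, []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "-P" and tok[1] == chain:
            policy = tok[2]
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        number += 1
        opts = dict(zip(tok[2::2], tok[3::2]))
        if set(opts) - {"-s", "-i", "-j"}:
            skipped.append(number)  # unmodelled match, cannot decide
            continue
        if "-s" in opts and src_ip not in ipaddress.ip_network(opts["-s"], strict=False):
            continue
        if "-i" in opts and opts["-i"] != in_iface:
            continue
        if opts.get("-j") in TERMINAL:
            return number, opts["-j"], skipped  # first match wins
    return 0, policy, skipped
```

On a real gateway the input would be the text printed by `iptables -S INPUT`; this only models traffic addressed to the gateway itself, since packets between two hosts on the same subnet never traverse its chains.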