June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
2.3. Blocking All Network Traffic
Problem
You want to block all network traffic by firewall.
Solution
For iptables:
# iptables -F # iptables -A INPUT -j REJECT # iptables -A OUTPUT -j REJECT # iptables -A FORWARD -j REJECT
For ipchains:
# ipchains -F # ipchains -A input -j REJECT # ipchains -A output -j REJECT # ipchains -A forward -j REJECT
Discussion
You could also stop your network device altogether with ifconfig [Recipe 3.2] or even unplug your network cable. It all depends on what level of control you need.
The target REJECT sends an error packet in response to the incoming packet. You can tailor iptables ’s error packet using the option —reject-with. Alternatively, you can specify the targets DROP (iptables) and DENY (ipchains) that simply absorb the packet and produce no response. See Drop Versus Reject.
See Also
iptables(8), ipchains(8).
Tip
Rules in a chain are evaluated in sequential order.