Discussion:
IPSET and OUTPUT
s***@web.de
2018-06-01 12:47:04 UTC
Hello,

I want to use ad blocking with iptables, so I found ipset, which makes life
easier. My question is: how does it work with the Output format?

iptables -I OUTPUT -m set --match-set adblock src -j REJECT

Will this work? I am not really sure, and most of what I found
about ipset is input.

Thanks for help
Silvio
Gioele Falcetti via arch-general
2018-06-01 13:45:26 UTC
Post by s***@web.de
> Hello,
> I want to use ad blocking with iptables, so I found ipset, which makes life
> easier. My question is: how does it work with the Output format?
> iptables -I OUTPUT -m set --match-set adblock src -j REJECT
> Will this work? I am not really sure, and most of what I found
> about ipset is input.
> Thanks for help
> Silvio

Since you want to block the destination IP, not the source IP, you should
use:

-A OUTPUT -m set --match-set adblock dst -j REJECT

I usually also add "--reject-with icmp-host-prohibited", which makes the
detection of the blocked host easier:

-A OUTPUT -m set --match-set adblock dst -j REJECT --reject-with icmp-host-prohibited
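
Added example, not part of the original thread or written by either poster: a script that fills the "adblock" set from a blocklist and installs the dst-matching OUTPUT rule from the reply exactly once. The function names, the one-IPv4-address-per-line blocklist format, the hash:ip set type and the sample addresses (RFC 5737 documentation ranges) are assumptions.

```shell
#!/bin/sh
SET=adblock   # set name used in the thread
# dst, not src: in OUTPUT the blocked host is the packet's destination
RULE="-m set --match-set $SET dst -j REJECT --reject-with icmp-host-prohibited"

# Constructed sample blocklist (RFC 5737 documentation addresses, not real ad hosts)
sample_blocklist() {
    cat <<'EOF'
# one IPv4 address per line
192.0.2.10
198.51.100.7   # trailing comment
192.0.2.10
999.1.1.1
ads.example.invalid
EOF
}

# Convert a blocklist on stdin into "ipset restore" input: strip comments and
# whitespace, keep only valid dotted quads, drop duplicates.
build_restore() {
    echo "create $SET hash:ip family inet"   # hash:ip is an assumption
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' |
        LC_ALL=C sort -u |
        sed "s/^/add $SET /"
}

# Load the set and install the OUTPUT rule once (requires root).
apply_block() {
    build_restore < "$1" | ipset restore -exist || return 1
    # -C checks whether the rule is already present, so reruns do not stack copies
    iptables -C OUTPUT $RULE 2>/dev/null || iptables -I OUTPUT $RULE
}

if [ "${1:-}" = "--apply" ]; then
    apply_block "${2:?path to blocklist file}"
else
    sample_blocklist | build_restore   # dry run: print what would be loaded
fi
```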