Recipe 2.8 Blocking Access to a Remote Host

2.8.1 Problem

You want to block outgoing traffic to a particular host.

2.8.2 Solution

To block all access:

For iptables:

# iptables -A OUTPUT -d remote_IP_address -j REJECT

For ipchains:

# ipchains -A output -d remote_IP_address -j REJECT

To block a particular service, such as a remote web site:

For iptables:

# iptables -A OUTPUT -p tcp -d remote_IP_address --dport www -j REJECT

For ipchains:

# ipchains -A output -p tcp -d remote_IP_address --dport www -j REJECT

2.8.3 Discussion

Perhaps you've discovered that a particular web site has malicious content on it, such as a trojan horse. This recipe will prevent all of your users from accessing that site. (We don't consider "redirector" web sites, such as, which would get around this restriction.)
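The iptables rules from the Solution wrapped in a small script, as an added example that is not part of the original recipe. The function names and the APPLY variable are assumptions, and the addresses are constructed samples; the script validates the address, prints the command by default, and uses iptables -C so a duplicate rule is not appended.

```shell
#!/bin/sh
# Added example: build the recipe's REJECT rule for an address and optional port.
# Dry run by default (prints the command); run as root with APPLY=1 to install it.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# block_rule ADDR [PORT]: print the rule specification used in the recipe.
block_rule() {
    valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 1; }
    case "${2:-}" in
        "") echo "OUTPUT -d $1 -j REJECT" ;;
        *[!A-Za-z0-9_-]*) echo "invalid port: $2" >&2; return 1 ;;
        *) echo "OUTPUT -p tcp -d $1 --dport $2 -j REJECT" ;;
    esac
}

# block_host ADDR [PORT]: append the rule unless an identical one exists.
block_host() {
    rule=$(block_rule "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        # $rule is left unquoted on purpose so it splits into arguments.
        iptables -C $rule 2>/dev/null || iptables -A $rule
    else
        echo "iptables -A $rule"
    fi
}

# Constructed sample addresses from the documentation ranges (RFC 5737).
block_host 192.0.2.10
block_host 198.51.100.7 www
```

Because -A appends to the end of the chain, an earlier ACCEPT rule in OUTPUT that matches the same traffic takes effect first; list the chain with iptables -L OUTPUT -n to confirm the order.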

2.8.4 See Also

iptables(8), ipchains(8).
