Recipe 2.3 Blocking All Network Traffic

2.3.1 Problem

You want to block all network traffic by firewall.

2.3.2 Solution

For iptables:

# iptables -F
# iptables -A INPUT -j REJECT
# iptables -A OUTPUT -j REJECT
# iptables -A FORWARD -j REJECT

For ipchains:

# ipchains -F
# ipchains -A input -j REJECT
# ipchains -A output -j REJECT
# ipchains -A forward -j REJECT

2.3.3 Discussion

You could also stop your network device altogether with ifconfig [Recipe 3.2] or even unplug your network cable. It all depends on what level of control you need.

The target REJECT sends an error packet in response to the incoming packet. You can tailor iptables's error packet using the option —reject-with. Alternatively, you can specify the targets DROP (iptables) and DENY (ipchains) that simply absorb the packet and produce no response. See Drop Versus Reject.

2.3.4 See Also

iptables(8), ipchains(8).

Rules in a chain are evaluated in sequential order.