We have to find out the external interface. You can find by ip route get 8.8.8.8 command. You will see a multi-column row after the run. The 5th value of this row shows your external interface. You can also get the interface name by using awk command as shown below. We exporting interface name to make process easier. You can block RFC1918 subnets from the external interface to prevent these to go out by command that I prepared below. You can also replace $INET_IFACE variable by hard-coded way such as eth0. I found my external by this command: ip route get 8.8.8.8 | awk -- '{printf $5}'
iptables -A FORWARD -o $INET_IFACE -d 10.0.0.0/8 -j REJECT
iptables -A FORWARD -o $INET_IFACE -d 172.16.0.0/12 -j REJECT
iptables -A FORWARD -o $INET_IFACE -d 192.168.0.0/16 -j REJECT
iptables -A FORWARD -o $INET_IFACE -d 100.64.0.0/10 -j REJECT
iptables -A FORWARD -o $INET_IFACE -d 169.254.0.0/16 -j REJECT
iptables -A FORWARD -o eth0 -d 10.0.0.0/8 -j REJECT
iptables -A FORWARD -o eth0 -d 172.16.0.0/12 -j REJECT
iptables -A FORWARD -o eth0 -d 192.168.0.0/16 -j REJECT
iptables -A FORWARD -o eth0 -d 100.64.0.0/10 -j REJECT
iptables -A FORWARD -o eth0 -d 169.254.0.0/16 -j REJECT
it worked very well for me, I like it. I expect you to be successful at Ecof
YanıtlaSil