On Fri, 2020-01-10 at 01:52 +0500, Alexander V. Makartsev wrote: > > The answer to your question, I believe, should look like this: > "iptables -I FORWARD -s 23.132.208.0/24 -j DROP"
Thanks! That is what I am looking for. To be clear, I'm doing something much more complex, but the underlying issue is that blocked IPs (via ipsets and text file lists) were properly DROPped by INPUT rules but were circumventing via the FORWARD and NAT rules. -Jim P.
