iptables rule -d ! (not destination) is giving me errors

user173360 asked:

How do I use the [!] option for a destination IP?

I’m trying to redirect out-bound WAN DNS traffic to my sinkhole, but I can’t get the --destination [!] option to work.

For example:

iptables -A OUTPUT -d ! 134.134.134.134 -j ACCEPT

returns:

Bad argument `134.134.134.134'

I haven’t the slightest clue what is wrong with my syntax.

My answer:


You have the ! in the wrong place. It belongs before -d.

From the iptables man page:

       [!] -d, --destination address[/mask][,...]

So for example:

iptables -A OUTPUT ! -d 134.134.134.134 -j ACCEPT

View the full question and answer on Server Fault.
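
Added example, not part of the original question or answer: it applies the corrected `!` placement to the asker's stated goal of steering outbound DNS to a sinkhole, which goes beyond the single ACCEPT rule shown above. The function names, the sinkhole address 192.0.2.53 (a constructed documentation address), the loopback exclusion and the use of DNAT in the nat OUTPUT chain for locally generated traffic are all assumptions.

```shell
#!/bin/sh
# Added example: emit nat-table rules that steer outbound DNS to a sinkhole.
# 192.0.2.53 is a constructed placeholder address, not a value from the page.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print iptables-restore input for the given sinkhole address.
# Each "!" is written before the option it negates (! -o, ! -d).
dns_sinkhole_rules() {
    sinkhole=$1
    is_ipv4 "$sinkhole" || { echo "invalid IPv4 address: $sinkhole" >&2; return 1; }
    echo '*nat'
    for proto in udp tcp; do
        # Leave loopback traffic and packets already addressed to the sinkhole alone;
        # rewrite every other port-53 destination to the sinkhole.
        echo "-A OUTPUT ! -o lo ! -d $sinkhole -p $proto --dport 53 -j DNAT --to-destination $sinkhole:53"
    done
    echo 'COMMIT'
}

# Show the generated rules for the placeholder address.
# To load them as root: dns_sinkhole_rules 192.0.2.53 | iptables-restore --noflush
dns_sinkhole_rules 192.0.2.53
```

Validating the address before building the rule keeps a stray `!` or other argument from ending up in the position that produced the "Bad argument" error in the question.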

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.