admin at lctn.org wrote:
> I have a group of PCs behind an IPCop box with an IP scheme of
> 172.21.6.0/24. I want to add a rule to the IPCop box that will only allow
> them to access a single public IP outside of our network.

I don't know how IPCop sets up firewall rules, so which chain you add
the rule to will be determined by the logical layout of ACCEPT and DROP
rules.  Essentially, you want to find the egress chain for the external
interface and do one of the following:

	  # accept outgoing traffic to specific IP
	  iptables -A OUTPUT -j ACCEPT -o EXTIF -s 172.21.6.0/24 -d IPADDRESS

	  # Drop all other traffic
	  iptables -A OUTPUT -j DROP -o EXTIF -s 172.21.6.0/24

The last rule might not be needed, if the default policy is DROP for the
OUTPUT chain.  You can also limit the type of traffic you want to allow
using protocol and port specifications.  Read the manpage for iptables
and perhaps the Netfilter HOWTO.

Chad
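
An added example, not part of Chad's message: when the firewall routes for the 172.21.6.0/24 hosts, their packets traverse the FORWARD chain (OUTPUT sees only packets the firewall itself generates), so this dry-run sketch prints the same accept/drop pair for FORWARD, inserted at positions 1 and 2 so that an earlier ACCEPT cannot shadow it. The function names, `eth1` and `203.0.113.10` are constructed placeholders, and the chain name and insert positions are assumptions about the rule layout, not IPCop's own configuration.

```shell
#!/bin/sh
# Dry run: prints iptables commands for review instead of executing them.
# Interface, address and chain values used here are constructed placeholders.

is_ipv4() {
    # Dotted quad, every octet numeric and <= 255.
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

is_name() {
    # Interface/chain/protocol names: non-empty, no shell or option metacharacters.
    case "$1" in ""|-*|*[!A-Za-z0-9._+-]*) return 1 ;; esac
}

# egress_rules LAN_CIDR EXTIF DEST_IP [PROTO [PORT [CHAIN]]]
egress_rules() {
    lan=$1 extif=$2 dest=$3 proto=${4:-} port=${5:-} chain=${6:-FORWARD}
    is_ipv4 "${lan%/*}" || { echo "bad LAN network: $lan" >&2; return 1; }
    is_ipv4 "$dest"     || { echo "bad destination: $dest" >&2; return 1; }
    is_name "$extif"    || { echo "bad interface: $extif" >&2; return 1; }
    is_name "$chain"    || { echo "bad chain: $chain" >&2; return 1; }
    match=""
    if [ -n "$proto" ]; then
        is_name "$proto" || { echo "bad protocol: $proto" >&2; return 1; }
        match=" -p $proto"
        if [ -n "$port" ]; then
            # --dport is only valid together with -p tcp or -p udp.
            case "$proto" in tcp|udp) ;; *) echo "port needs tcp or udp" >&2; return 1 ;; esac
            case "$port" in *[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
            match="$match --dport $port"
        fi
    fi
    # -I with explicit positions puts the pair ahead of existing rules:
    # position 1 accepts the one destination, position 2 drops the rest.
    echo "iptables -I $chain 1 -o $extif -s $lan -d $dest$match -j ACCEPT"
    echo "iptables -I $chain 2 -o $extif -s $lan -j DROP"
}

# Constructed sample: HTTPS only, to a documentation-range address.
egress_rules 172.21.6.0/24 eth1 203.0.113.10 tcp 443
```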