iptables drop output on given interface

[notgeekenough]

I've got a desktop with two NICS eth0 & eth1. eth0 has an ip and is the in/out access to the desktop. eth1 has no ip, it is listening to traffic coming in from a cable modem. I want to use iptables to drop all output packets from this interface and allow output from eth1 but when I try:

Code:

iptables -A OUTPUT -i eth1 -j DROP

I get the error, "iptables v1.2.11: Can't use -i with OUTPUT"

So, I figure that I could set the default output policy to DROP and then allow output from the ip given to eth0. Is this gonna work and is it a feasible solution?

[notgeekenough]

Well, that didnt work. If I set OUTPUT default policy to drop than I can't set the loopback interface OUTPUT policy to accept and I get weird errors when restarting the desktop. Trying to set lo's output to accept gives me the same error as before.

Any help?

[Lazydog]

That should be

Code:

iptables -A OUTPUT -o eth1 -j DROP

Loopback can be setup as follows:

Code:

iptables -A INTPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

[notgeekenough]

Thanks,

didnt know about the -o, just looked it up in man iptables (something I should of done first I guess) and now it makes sense