Changes

The '''-s0/0''' switch specifies the source IP address. 0/0 means a source address of “anywhere.” this has been put into the lab because your ip address will change because it is dynamically assigned. You can change this value if you want to the IP address that has been specifically assigned to your PC. (Since the rule will, by default, match any source address, this switch may be left out).

The '''-d0/0''' switch specifies the destination address. It makes sense that this address is set to “anywhere” because if we want to block all requests to the WWW, we will never know the specific IP address of web server that is trying to be accessed. ('''Since the rule will, by default, match any destination address, this switch may -- and probably should -- be left out''').

'''DROP''' means drop the packet – make it disappear - and do not continue processing rules. '''REJECT''' is similar, but causes an error packet to be sent back to the source host. '''ACCEPT''' causes the packet to be processed. '''LOG''' causes an entry to be made in the system logs showing that the packet was processed. Note that the ACCEPT LOG target is the only one that does not stop rule-checking in the chain - so you can log a packet with one rule, and then use a later rule in the chain to DROP, REJECT, or ACCEPT it.