Dropping DNS connection via iptables for testing

I am trying to monitor the behaviour of a simple TV set-top box while it loses its connection to one or the other DNS server. The box is behind a simple Linux machine with Debian, which is then connected to the network with DHCP and such. I am trying to use the middle machine as a traffic filter, so I can see if the set-top box switches easily to the second DNS server after losing the connection to the current one.
When I try to DROP the connection via iptables on the Linux machine, banning the IP of the DNS server (which is then unpingable from the machine, proving the iptables config takes effect), the set-top box is still able to use that DNS server normally. Monitoring the traffic using tcpdump proves it. The set-top box itself obtains all its information from the network. The purpose is to simulate a possible full or partial DNS failure in a real environment.
Using variations of: (OUTPUT, -d)
iptables -A INPUT -s 212.X.X.X -j DROP
even (OUTPUT)
iptables -A INPUT -p udp --dport 53 -j DROP
iptables -A INPUT -p tcp --dport 53 -j DROP
I am not sure what I am missing here (and I certainly am missing something). I was also specifying the interface facing the network, and such.
iptables
migrated from serverfault.com Jun 5 at 10:20
This question came from our site for system and network administrators.
asked May 4 at 6:12
J B
1 Answer
The INPUT chain in iptables acts on traffic whose destination is the computer running iptables. It does not affect forwarded traffic.
You need to use the FORWARD chain for packets that go through the computer and that are not directed to it.
For example:
iptables -I FORWARD 1 -s 192.168.0.0/24 -d <destinationIP> -p udp --dport 53 -j DROP
This rule drops all UDP packets from the 192.168.0.0/24 network to port 53 on <destinationIP>.
answered May 4 at 6:29
Tero Kilkanen
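The INPUT-versus-FORWARD distinction the answer draws, as an added example that is not part of the original post or the answerer's own code: a small POSIX shell script for the filtering Debian box that generates the FORWARD-chain rules needed to simulate one upstream DNS server going away for the set-top box (both UDP and TCP port 53, since resolvers fall back to TCP for large answers), and the matching -D rules to restore it afterwards. The LAN prefix 192.168.0.0/24 comes from the answer; the DNS address 203.0.113.53, the DRY_RUN switch and all function names are assumptions for illustration. With DRY_RUN=1 (the default) it only prints the iptables commands it would run.

```shell
#!/bin/sh
# Added example (not from the original post): simulate loss of one upstream
# DNS server for hosts whose traffic is FORWARDED through this box.
# An INPUT rule only affects lookups made by this box itself, which is why
# "ping from the box fails but the set-top box still resolves" happens.

IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; 0 = really call iptables

# run: execute an iptables invocation, or just echo it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# dns_rules ACTION LAN_NET DNS_IP
#   ACTION is "block" or "unblock". Prints one rule argument list per line,
#   without the iptables binary, so callers (and tests) can inspect them.
#   "block" inserts at position 1 so the DROP wins over any earlier ACCEPT;
#   "unblock" deletes the identical match so the state is fully restored.
dns_rules() {
    action="$1"; lan="$2"; dns="$3"
    case "$action" in
        block)   chain_op="-I FORWARD 1" ;;
        unblock) chain_op="-D FORWARD" ;;
        *) echo "dns_rules: unknown action '$action'" >&2; return 2 ;;
    esac
    for proto in udp tcp; do
        echo "$chain_op -s $lan -d $dns -p $proto --dport 53 -j DROP"
    done
}

# dns_block / dns_unblock LAN_NET DNS_IP: apply (or print) the rule set.
# Word splitting of $rule is intentional: each line is an argument list.
dns_block() {
    dns_rules block "$1" "$2" | while IFS= read -r rule; do run $rule; done
}
dns_unblock() {
    dns_rules unblock "$1" "$2" | while IFS= read -r rule; do run $rule; done
}

# forwarding_enabled: the FORWARD chain only sees packets if the kernel is
# actually routing; returns 0 when /proc reports ip_forward=1, 1 otherwise.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# Sample session (constructed values): drop DNS 203.0.113.53 for the LAN,
# observe the set-top box with tcpdump, then restore.
if [ "${DNS_DEMO:-0}" = 1 ]; then
    forwarding_enabled || echo "warning: ip_forward is 0; nothing reaches FORWARD" >&2
    dns_block   192.168.0.0/24 203.0.113.53
    # ... run "tcpdump -ni <lan-if> port 53" here and watch for the fallback ...
    dns_unblock 192.168.0.0/24 203.0.113.53
fi
```

Run it with DNS_DEMO=1 to print the six-line plan; set DRY_RUN=0 as root to apply it. While the block is in place, tcpdump on the LAN-facing interface should show the set-top box's queries to the blocked server going unanswered and, if its resolver behaves, new queries appearing toward the second server.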