LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 10-18-2008, 07:02 AM   #1
lolmannz
LQ Newbie
 
Registered: Jul 2008
Posts: 4

Rep: Reputation: 0
Allowing only certain hosts / domains while blocking the rest using IPTables?


Hi there, I'm just wondering how one would allow outgoing / incoming traffic from a specific IP/domain range while blocking the rest using iptables or similar firewalls?

Some examples of the rules would be highly appreciated.
Thanks in advance.
 
Old 10-18-2008, 05:55 PM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
iptables is quite flexible so you can do almost anything. But the simplest thing would be to enumerate what you want to allow and either DROP or REJECT the rest. One example for the OUTPUT chain (for outgoing connections) would be:

Code:
iptables -F OUTPUT
# a built-in chain's policy can only be ACCEPT or DROP, so "reject the rest"
# needs a DROP policy plus an explicit REJECT rule at the end of the chain
iptables -P OUTPUT DROP

iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d 12.34.56.78 -j ACCEPT
iptables -A OUTPUT -d 87.65.43.21 -j ACCEPT
iptables -A OUTPUT -d 123.45.0.0/16 -j ACCEPT
iptables -A OUTPUT -j REJECT

You should always allow loopback (-i lo). The above code also accepts packets destined for the two enumerated IP addresses and the one network range. Everything else will be REJECTed by policy (-P).
 
Old 10-19-2008, 12:16 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by lolmannz
Hi there, I'm just wondering how one would allow outgoing / incoming traffic from a specific IP/domain range while blocking the rest using iptables or similar firewalls?

Some examples of the rules would be highly appreciated.
Thanks in advance.
You could achieve this by executing a single command such as, for example:
Code:
iptables -I INPUT -i eth0 -m iprange ! --src-range 217.98.46.100-217.98.56.235 -j DROP
After executing that command, any packets which hit the eth0 interface and don't have a source address between 217.98.46.100 and 217.98.56.235 will be filtered.
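Both replies enumerate what to allow and deny everything else, one for OUTPUT (post #2) and one for INPUT (post #3). The script below is an added example, not code from either poster, that combines the two into one loadable ruleset for both directions, with the pieces a production allowlist also needs: a check that every entry is a well-formed address, CIDR or address range before anything is loaded, conntrack rules so the replies of an accepted connection are not judged on their own addresses, and a rate-limited log of what gets denied. The interface name, the peer list and the log prefixes are constructed placeholders; setting IPTABLES=echo previews the commands without changing the kernel.

```shell
#!/bin/sh
# Added example (not from the thread): allowlist firewall for INPUT and OUTPUT.
# WAN_IF and ALLOWED_PEERS are constructed placeholders, in the spirit of the replies:
# two hosts, one /16 and one iprange-style range.
WAN_IF="eth0"
ALLOWED_PEERS="12.34.56.78 87.65.43.21 123.45.0.0/16 217.98.46.100-217.98.56.235"
# IPTABLES=echo previews the commands; IPTABLES=true makes apply_rules a no-op.
IPTABLES="${IPTABLES:-iptables}"

emit() { printf '%s\n' "$1"; }

# valid_ipv4 ADDR[/PREFIX]: 0 for a well-formed dotted-quad host or CIDR, else 1.
# Only literal addresses are accepted: iptables would resolve a hostname once, at
# load time, and a typo must not silently allow or deny the wrong range.
valid_ipv4() {
    addr=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32            # no "/": a single host
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac   # rejects "1.2.3.4." etc.
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_peer ENTRY: a host, a CIDR, or a "first-last" range as used with -m iprange.
valid_peer() {
    case $1 in
        */*-*|*-*/*) return 1 ;;                                # no prefix on a range
        *-*)         valid_ipv4 "${1%-*}" && valid_ipv4 "${1#*-}" ;;
        *)           valid_ipv4 "$1" ;;
    esac
}

# allowlist_rules: print the rules, one iptables argument string per line, without
# touching the kernel. Order matters: loopback and already-accepted sessions first,
# then the enumerated peers, then the catch-all denial.
allowlist_rules() {
    emit "-F INPUT"
    emit "-F OUTPUT"
    # A built-in chain's policy can only be ACCEPT or DROP (REJECT is a target, not
    # a policy), so default-deny is DROP and the REJECT goes in a final rule.
    emit "-P INPUT DROP"
    emit "-P OUTPUT DROP"
    emit "-A INPUT -i lo -j ACCEPT"
    emit "-A OUTPUT -o lo -j ACCEPT"
    # Without these, the reply packets of an allowed connection are matched on
    # their own addresses only and the session breaks halfway.
    emit "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    emit "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for peer in $ALLOWED_PEERS; do
        case $peer in
            *-*) in_match="-m iprange --src-range $peer"; out_match="-m iprange --dst-range $peer" ;;
            *)   in_match="-s $peer";                     out_match="-d $peer" ;;
        esac
        emit "-A INPUT -i $WAN_IF $in_match -m conntrack --ctstate NEW -j ACCEPT"
        emit "-A OUTPUT -o $WAN_IF $out_match -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of the denials, so a mistyped range shows up in syslog
    # instead of as a silent outage.
    emit "-A INPUT -m limit --limit 5/min -j LOG --log-prefix FW-IN-DENIED:"
    emit "-A INPUT -j DROP"
    emit "-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix FW-OUT-DENIED:"
    emit "-A OUTPUT -j REJECT"
}

# apply_rules: validate every entry first (fail before changing anything), then
# load the rules in order. Returns non-zero on the first failure.
apply_rules() {
    for peer in $ALLOWED_PEERS; do
        valid_peer "$peer" || { echo "bad allowlist entry: $peer" >&2; return 1; }
    done
    allowlist_rules | while IFS= read -r line; do
        # splitting $line into separate arguments is intended here
        $IPTABLES $line || exit 1
    done
}

# Usage: sh allowlist.sh                       (print the rules)
#        IPTABLES=echo sh allowlist.sh --apply  (dry run)
#        sudo sh allowlist.sh --apply           (load them)
if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    allowlist_rules
fi
```

A caveat on the "domain" half of the question: -s and -d accept a hostname, but iptables resolves it once when the rule is loaded and adds one rule per address returned, so a hostname allowlist is really "whatever the name resolved to at load time" and goes stale when the addresses change; names that rotate addresses need an allowlisting proxy in front of the hosts rather than a packet filter. The two conntrack rules are also what lets the INPUT and OUTPUT allowlists coexist: an OUTPUT chain that only lists destinations would otherwise refuse the replies of connections arriving from any non-listed source.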
 