Modify /etc/sysconfig/iptables
The following entries allow traffic from the two domains listed.
-A INPUT -s 172.35.111.239 -j ACCEPT
-A INPUT -s 172.35.111.233 -j ACCEPT
Also, use the /etc/hosts.allow and /etc/hosts.deny.
In the hosts.deny file you want to deny all by saying
all:all
The hosts.allow file might look something like the one below. You need to add your IPs for each of the services you will be running. Add the netmask also.
#
# hosts.allow file for App Servers
#
ALL: localhost
in.rshd: 172.35.111.233/255.255.255.224
# etc.... for each line.
bpcd:
bpbkar:
portmap:
lockd:
mountd:
rquotad:
statd:
snmpd:
Add this line to make all sites redirect to localhost:
Code:
address=/#/127.0.0.1
Add these lines to make specific sites use the DNS server at 8.8.8.8:
Code:
server=/allowed.com/8.8.8.8
Then restart the dnsmasq service:
Code:
sudo service dnsmasq restart
Old thread but definitely one I needed to find! This almost does exactly what I am looking for - I need to block all web traffic but unfortunately this stops incoming TeamViewer sessions from working on the machine. Has anyone run into this and solved it? I'll of course keep digging but wanted to post here in case someone has invented that wheel already. I guess what I'm looking for is a way to disallow ALL EXCEPT, not just ALL. Or maybe it's a port that needs to be opened in the config?
Hm, think I actually figured it out right after posting... seems the SERVER line does work on top of the ADDRESS line... I added server=/teamviewer.com/8.8.8.8 and restarted and it allowed it to connect!
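Why the `server=` lines in the posts above take effect on top of the catch-all `address=/#/` line, as an added example that is not part of the original posts and is not dnsmasq's own code: it models dnsmasq's documented behaviour that a more specific domain takes precedence over a less specific one. The function names and the test hostnames are constructed for illustration.

```python
# Added example: an offline model of dnsmasq domain matching (not dnsmasq code).
# Assumption: the longest matching domain wins; "#" matches every name.

# The lines quoted in the thread, gathered into one config.
CONFIG = """\
address=/#/127.0.0.1
server=/allowed.com/8.8.8.8
server=/teamviewer.com/8.8.8.8
"""

def parse(config):
    """Return (domain, action, target) rules from address=/server= lines."""
    rules = []
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        parts = value.split("/")
        # Domain-scoped form is /domain[/domain...]/target; skip anything else.
        if key not in ("address", "server") or len(parts) < 3 or parts[0]:
            continue
        for domain in parts[1:-1]:
            rules.append((domain.lower(), key, parts[-1]))
    return rules

def matches(domain, name):
    """Match on whole labels: allowed.com covers www.allowed.com, not notallowed.com."""
    return domain == "#" or name == domain or name.endswith("." + domain)

def decide(rules, name):
    """Return (action, target) of the most specific rule matching name."""
    name = name.rstrip(".").lower()
    best = (-1, "default", None)
    for domain, action, target in rules:
        labels = 0 if domain == "#" else domain.count(".") + 1
        if matches(domain, name) and labels > best[0]:
            best = (labels, action, target)
    return best[1:]

RULES = parse(CONFIG)

if __name__ == "__main__":
    # Constructed test names, not taken from the thread.
    for host in ("www.allowed.com", "router.teamviewer.com",
                 "notallowed.com", "allowed.com.example.net", "example.org"):
        print(host, "->", decide(RULES, host))
```

This models name resolution only: a client that connects to an IP address directly, or that uses a different resolver, never consults dnsmasq.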