IPtables - block subdomains (a.domain.com, b.domain.com, c.domain.com,...)
Hi everyone,
I'm trying to use iptables (Debian machine with two NICs filtering the net connection) to block a domain including all of its subdomains (a.domain.com, b.domain.com, c.domain.com,...). What I actually do is
Code:
iptables -A FORWARD -d a.domain.com -j dropAndLog;
but the domain seems to have several servers... how could I block them all at a time?
Thanks!
P.S.: If this has been answered before, redirecting me to the post would be fair game :)
|
Take google.com for example:-
Code:
host www.google.com
Code:
NetRange: 209.85.128.0 - 209.85.255.255
so from this you could add a rule such as
Code:

hosts.deny / hosts.allow. man hosts.deny then search for examples
NOTE: tcpwrappers only work with apps that have libwrap.so compiled in. check with
Code:
|
Right, if the daemon is compiled with tcp wrapper support, that would be easier. Otherwise you will be doing some whois(1) investigation to get each CIDR block, as noted above, and using it in an iptables(8) rule.
|
You can deny on the DNS request as a "string" extension
Code:
# DNS is mostly UDP; names are sent as length-prefixed labels, so match those bytes
iptables -A FORWARD -p udp --dport 53 -m string --algo kmp --hex-string "|06|domain|03|com|00|" -j DROP
|
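Added example, not part of any post in this thread: DNS queries carry names as length-prefixed labels rather than dotted text, so a string-match rule on port 53 has to look for those bytes. The sketch below builds a constructed sample query, shows what a byte-substring match sees, and prints rules for both transports; all function names are hypothetical helpers.

```python
import struct

def dns_name(name: str) -> bytes:
    """Encode a dotted name as DNS wire-format labels plus the root terminator."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"invalid label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def hex_string_arg(name: str) -> str:
    """Render the same bytes in iptables --hex-string notation."""
    labels = name.strip(".").split(".")
    return "".join(f"|{len(l):02x}|{l}" for l in labels) + "|00|"

def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Constructed sample: a minimal DNS query (header + one A/IN question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + dns_name(qname) + struct.pack("!HH", 1, 1)

def rule_matches(payload: bytes, blocked: str) -> bool:
    """What the string match does: a plain byte-substring search in the packet."""
    return dns_name(blocked) in payload

def rules(blocked: str, chain: str = "FORWARD") -> list[str]:
    """One rule per transport, since DNS runs over both UDP and TCP port 53."""
    return [f'iptables -A {chain} -p {p} --dport 53 -m string --algo kmp '
            f'--hex-string "{hex_string_arg(blocked)}" -j DROP' for p in ("udp", "tcp")]

if __name__ == "__main__":
    # Constructed query names: two that should be blocked, two look-alikes that should not.
    for q in ("a.domain.com", "domain.com", "notdomain.com", "domain.com.example.org"):
        pkt = build_query(q)
        print(f"{q:24} dotted-in-packet={b'domain.com' in pkt} "
              f"labels-match={rule_matches(pkt, 'domain.com')}")
    print(*rules("domain.com"), sep="\n")
```

The length byte in front of each label and the trailing zero byte keep look-alikes such as notdomain.com or domain.com.example.org from matching. The rule only sees cleartext DNS on port 53, so clients using DNS over TLS or HTTPS, or an answer that is already cached, are unaffected.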
I'll try these!
Thanks for all your replies, I'll try these solutions to see the one that best fits my very own needs.
I won't miss telling you the one I've personally found most usable in my solution (they all look good...), or ask for more details. Thanks already! |
I think I'll go for the "host way"
Hi everyone, I looked at your answers and I think that I'll go for the iptables way hard-coding the host's server's IP addresses.
I'll do it this way mainly because this way I can keep it centralised in one script file. Thanks for your help! |