Originally Posted by benjalien
I'm trying to use iptables (debian machine with two nics filtering the net connection) to block a domain including all of it's subdomains (a.domain.com, b.domain.com, c.domain.com,...).
What I actually do is
iptables -A FORWARD -d a.domain.com -j dropAndLog;
but the domain seems to have several servers... how could I block them all at a time?
P.S.: If this has been answered before, redirecting me to the post would be fair game
Should be easy enough to find all the servers this domain has from a dns lookup.
Take google.com for example:-
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 188.8.131.52
www.l.google.com has address 184.108.40.206
www.l.google.com has address 220.127.116.11
www.l.google.com has address 18.104.22.168
NetRange: 22.214.171.124 - 126.96.36.199
so from this you could add a rule such as
iptables -A FORWARD -d 188.8.131.52/17 -j dropAndLog
A bit drastic maybe, but you could always try tcp wrappers..
hosts.deny / hosts.allow.
then search for examples
NOTE: tcpwrappers only work with apps that have libwrap.so compiled in. check with
ldd `which <progname` | grep libwrap