Originally Posted by benjalien
I'm trying to use iptables (debian machine with two nics filtering the net connection) to block a domain including all of it's subdomains (a.domain.com, b.domain.com, c.domain.com,...).
What I actually do is
iptables -A FORWARD -d a.domain.com -j dropAndLog;
but the domain seems to have several servers... how could I block them all at a time?
P.S.: If this has been answered before, redirecting me to the post would be fair game
Should be easy enough to find all the servers this domain has from a dns lookup.
Take google.com for example:-
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 22.214.171.124
www.l.google.com has address 126.96.36.199
www.l.google.com has address 188.8.131.52
www.l.google.com has address 184.108.40.206
NetRange: 220.127.116.11 - 18.104.22.168
so from this you could add a rule such as
iptables -A FORWARD -d 22.214.171.124/17 -j dropAndLog
A bit drastic maybe, but you could always try tcp wrappers..
hosts.deny / hosts.allow.
then search for examples
NOTE: tcpwrappers only work with apps that have libwrap.so compiled in. check with
ldd `which <progname` | grep libwrap