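IPTABLES=/sbin/iptables   # assumed path; not defined in the original post
INTIF=eth0
EXTIF=eth1                # assumed interface name; not defined in the original post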
# Flush the chains
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
# Drop all traffic (target names are case-sensitive: DROP, not drop)
$IPTABLES -A INPUT -i $INTIF -p tcp -j DROP
$IPTABLES -A INPUT -i $INTIF -p udp -j DROP
$IPTABLES -A INPUT -i $INTIF -p tcp -j DROP
# Allow your 2 destinations
# 0.0.0.0/0 matches any source; a bare 0.0.0.0 would match only that one address
$IPTABLES -A INPUT -i $EXTIF -s 0.0.0.0/0 -d www.site1.com -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s 0.0.0.0/0 -d www.site1.com -j ACCEPT
Although I'm not sure you can allow based on a DNS name. I tried to block using a DNS entry, and it wasn't quite successful. What I've typed would have to be running on the machine you want to restrict.
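
Added example, not part of the original post: iptables resolves a hostname only once, when the rule is inserted, so this sketch builds a destination allowlist from literal IPv4 addresses and prints the rules in evaluation order (ACCEPT entries before the final DROP) on the OUTPUT chain of the restricted machine. The function names `is_ipv4` and `build_rules` are hypothetical, and the addresses are constructed documentation values standing in for the two sites.

```shell
#!/bin/sh
# Emits (does not apply) an OUTPUT-chain allowlist for review.

# is_ipv4 ADDR -> status 0 only for a dotted-quad IPv4 address
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # hostnames, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules IFACE IP... -> prints iptables commands, one per line
build_rules() {
    iface=$1; shift
    [ $# -gt 0 ] || { echo "no destinations given" >&2; return 1; }
    # Validate everything first so a bad entry yields no partial ruleset.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    echo "iptables -F OUTPUT"
    # Rules are matched top to bottom: allow entries must precede the DROP.
    for ip in "$@"; do
        echo "iptables -A OUTPUT -o $iface -d $ip -j ACCEPT"
    done
    echo "iptables -A OUTPUT -o $iface -j DROP"
}

# Constructed sample input: eth0 as in the post, two documentation addresses.
build_rules eth0 192.0.2.10 198.51.100.20
```

If the restricted machine still has to look up names, the resolver's address has to be one of the allowed destinations.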