Bloack Site in IPTABLES?

LQtoto · 04-03-2004, 08:51 PM

How can I block access to a site and all sub-domains from that site in IPTABLES?

I want to block *.site.com

So that the following are all blocked:
abc.site.com
123.site.com
xyz.site.com

Thanks.

xerophyte · 04-03-2004, 09:13 PM

Hello,
do a ping on the site.com, obtain the ip address after you have obtain the ip address, login to the linux using at the shell promt type

iptables -A -L INPUT -s site.comIP -j DROP

ping the domain and subdomains, mostly domain and subdomains are hosted on ip address, if you see different ip address you need to block each one of them.

Hope that helps

LQtoto · 04-03-2004, 09:20 PM

> "if you see different ip address you need to block each one of them."

Each subdomain has a different IP address.

So there is no way to use a wildcard?

ugge · 04-04-2004, 03:55 AM

You can use DNS names in the -s option, but it is not recommended to use DNS names.
This slows down the filtering and can be by passed by changing/spoofing DNS.

If the IP addresses found during the ping are within the same IP network then you can specify a address scope, like 192.168.0.0/24

chrisfirestar · 04-06-2004, 12:44 AM

maybe consider setting up SQUID CACHE that will allow dns blocks. much easier that keeping an eye on constantly changing (and growing) ip addresses for service you want to block.

The other option u have is if you have an Internal DNS set up some "dummy hosts" so for example i was having problems blocking icq in my office because they are getting too smart. So on my DNS server i setup a host login.icq.com which means nobody can login

hazza96 · 04-26-2007, 01:26 AM

I too want to block a wildcard domain because the IM system doesn't go through Squid and unlike ICQ the login process has fall back server names if one gets blocked and I can't track them all down.