Originally Posted by unSpawn
I don't like to see this thread go OT, but what errors do you get?
the error was:
iptables v1.3.4: host/network `www.cnn.com' not found
Try `iptables -h' or 'iptables --help' for more information.
but i figured it out... since i was doing it by editing my iptables script, there was no OUTPUT rules at the moment of execution allowing outgoing DNS queries... this is due to the fact that i have my INPUT rules written first and of course all chains are flushed and policies set to DROP at the beginning of the script...
so the error is totally understandable and when i execute the command with "-s www.cnn.com" from the command line while my OUTPUT rules are already in place there is no error since the DNS query goes out without being filtered...
"-s cnn.com" should not work (no single CIDR type address/mask), "-s www.cnn.com" should.
curiously, both ways work fine on my box:
iptables -I INPUT -p TCP -s cnn.com -j DROP
iptables -I INPUT -p TCP -s www.cnn.com -j DROP
i'll google about this and figure out why both ways work, don't worry... i also have some other questions about this iptables hostnames thing but like you said, the thread is getting off topic and stuff so i will abstain...
and anyone else reading this thread: it's important to point out once again that using hostnames in your iptables for this kinda thing is a VERY BAD IDEA AND IS VERY DISCOURAGED
(i was simply trying it out for experimentation and would never do it seriously)...
so to get back on topic, ptah_be, i will re-post the latest on-topic questions which were asked by unSpawn so you can answer them please:
So please elaborate: what types of devices are we talking about?
What protocols or applications will they use to access the server?
Approx. how many devices are you talking about?
Will the site or application work with information that should be transferred securely?
remember that the more details and information you provide, the easier it will be to assist you...
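The two problems described in the post above (the DNS lookup that iptables performs at rule-insertion time failing because no OUTPUT rule allowed it yet, and a hostname such as cnn.com silently expanding to one rule per resolved address) can be made explicit in the firewall script itself. The following is an added example, not code from the thread or from any of its posters: it takes the already-resolved addresses as arguments (the addresses and hostname below are constructed, so nothing is looked up on the network) and emits one rule per address, placing the DNS allow rules ahead of any address-based rule. The function names, the 192.0.2.0/24 documentation addresses and the choice of `-A` instead of the thread's `-I` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates an iptables script
# in which hostname resolution is snapshotted into explicit per-address rules.

# Emit one DROP rule per resolved address. The hostname is kept only as a
# trailing comment so the script shows where each address came from.
expand_host_rules() {
    host="$1"
    shift
    for ip in "$@"; do
        printf 'iptables -A INPUT -p tcp -s %s -j DROP  # resolved from %s\n' "$ip" "$host"
    done
}

# Rules that must precede any rule needing name resolution: let DNS queries
# leave and their answers return, even while the default policies are DROP.
dns_allow_rules() {
    printf 'iptables -A OUTPUT -p udp --dport 53 -j ACCEPT\n'
    printf 'iptables -A INPUT  -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT\n'
}

# Assemble the full script in the order the post found necessary:
# flush, default DROP policies, DNS allow rules, then the address rules.
build_script() {
    host="$1"
    shift
    printf 'iptables -F\n'
    printf 'iptables -P INPUT DROP\n'
    printf 'iptables -P OUTPUT DROP\n'
    dns_allow_rules
    expand_host_rules "$host" "$@"
}

# Return 0 if every DNS allow rule appears before the first address rule,
# which is the ordering mistake the post ran into.
dns_rules_first() {
    script="$1"
    last_dns=$(printf '%s\n' "$script" | grep -n -- '--dport 53\|--sport 53' | tail -n 1 | cut -d: -f1)
    first_drop=$(printf '%s\n' "$script" | grep -n -- '-j DROP' | head -n 1 | cut -d: -f1)
    [ -n "$last_dns" ] && [ -n "$first_drop" ] && [ "$last_dns" -lt "$first_drop" ]
}

# Usage with constructed addresses (192.0.2.0/24 is reserved for documentation):
#   build_script www.example.invalid 192.0.2.10 192.0.2.11
```

Because the addresses are passed in rather than resolved by iptables, the snapshot is visible and reviewable, and re-running the generator is the only way the rule set changes when the name's records change, which is the property the post's warning about hostnames in iptables is getting at.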