 LinuxQuestions.org HOW TO blocking a website with iptables ??
Forum: Linux - Security


11-28-2007, 03:00 PM   #1
achulxp
LQ Newbie

Registered: Jan 2006
Posts: 5

Rep:
HOW TO blocking a website with iptables ??

Hi, I want to ask about iptables: how can I block a domain name with iptables? e.g. micr*s0ft.com. I have tried several ways, but still unsuccessfully. o_O PLEASE HELP ME!!!! Someone is using a website to attack my network. I have tried putting this in my rules:

Code:
iptables -A FORWARD -s micr*s0ft.com -j REJECT
iptables -I INPUT -s micr*s0ft.com -j DROP
iptables -A FORWARD -i eth0 -p ALL -s micr*s0ft.com -d 0/0 -j REJECT    # eth0 = external interface
iptables -A FORWARD -p ALL -s micr*s0ft.com -j REJECT
iptables -A INPUT -s micr*s0ft.com -j REJECT

Any suggestion will be very much appreciated.

PS: so sorry for my language. Thank you.

Last edited by achulxp; 11-28-2007 at 03:32 PM.
11-28-2007, 07:00 PM   #2
ehawk
Senior Member

Registered: Jul 2003
Posts: 1,257

Rep:
Look at the "blocking spam" entry on this webpage:
http://www.hojohnlee.com/hacks/category/linux/
http://en.allexperts.com/q/Unix-Linu...e-iptables.htm
http://linuxpakistan.net/forum/viewt...bsite+iptables
http://www.cyberciti.biz/tips/linux-...p-address.html
http://www.derkeiler.com/Newsgroups/...5-02/0042.html
http://www.unixreview.com/documents/...103c/0103c.htm
11-28-2007, 08:21 PM   #3
win32sux
Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep:
Quote:
 Originally Posted by achulxp
 how can I block a domain name with iptables? e.g. micr*s0ft.com. I have tried several ways, but still unsuccessfully. o_O PLEASE HELP ME!!!! Someone is using a website to attack my network. I have tried putting this in my rules:
 iptables -A FORWARD -s micr*s0ft.com -j REJECT
 iptables -I INPUT -s micr*s0ft.com -j DROP
 iptables -A FORWARD -i eth0 -p ALL -s micr*s0ft.com -d 0/0 -j REJECT    # eth0 = external interface
 iptables -A FORWARD -p ALL -s micr*s0ft.com -j REJECT
 iptables -A INPUT -s micr*s0ft.com -j REJECT
Wildcards (*) won't work with iptables. Also, using domain names in iptables rules is terribly ineffective. A DNS lookup is done when the rule is executed, and the resulting IP(s) are used in the rule. That means that you'll potentially be lacking tons of IPs, and the ones you do have might become useless anytime. If you describe the attack you are experiencing, perhaps we might offer some better suggestions as to countermeasures you can use.
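To show what win32sux's point looks like in practice, here is an added example (not from this thread or any of its posters): instead of putting a hostname in an iptables rule, which is resolved once and frozen into one rule per address returned at that moment, the script re-resolves the names on every run and swaps the current addresses into a named ipset that a single iptables rule references. It assumes ipset and the iptables set match (xt_set) are installed; the set name "blocked_sites" and the sample addresses are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Keeps a domain block list current with ipset
# instead of baking a one-time DNS answer into iptables rules.
# Assumptions: ipset and the iptables "-m set" match are available, and the
# generated commands are run as root. Everything here only PRINTS commands.

SET_NAME="${SET_NAME:-blocked_sites}"   # arbitrary set name, an assumption

# Read whitespace-separated tokens on stdin, keep only well-formed dotted-quad
# IPv4 addresses (each octet 0-255), one per line, deduplicated.
valid_ipv4_list() {
    tr ' ' '\n' | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' | sort -u
}

# Live lookup of a name's current A records (glibc getent; not used by the test).
resolve_a() {
    getent ahostsv4 "$1" | awk '{print $1}'
}

# Print the ipset commands that replace the contents of set $1 with the
# addresses in $2. A temporary set is filled and then swapped in atomically,
# so the firewall never sees an empty or half-filled list.
ipset_refresh_cmds() {
    set_name="$1"
    addrs="$2"
    tmp="${set_name}_tmp"
    printf 'ipset create %s hash:ip -exist\n' "$set_name"
    printf 'ipset create %s hash:ip -exist\n' "$tmp"
    printf 'ipset flush %s\n' "$tmp"
    printf '%s' "$addrs" | valid_ipv4_list | while read -r ip; do
        printf 'ipset add %s %s\n' "$tmp" "$ip"
    done
    printf 'ipset swap %s %s\n' "$tmp" "$set_name"
    printf 'ipset destroy %s\n' "$tmp"
}

# The single iptables rule that references the set; it never has to change when
# the addresses do. $2 is "dst" to stop LAN clients reaching the listed hosts
# (the original poster's goal) or "src" to reject traffic arriving from them.
iptables_rule_cmd() {
    printf 'iptables -I FORWARD -m set --match-set %s %s -j REJECT\n' "$1" "$2"
}

# Usage (e.g. from cron, piped to sh as root):
#   ./refresh.sh blocked.example other.example | sh
if [ "$#" -gt 0 ]; then
    all=""
    for d in "$@"; do
        all="$all $(resolve_a "$d")"
    done
    ipset_refresh_cmds "$SET_NAME" "$all"
    iptables_rule_cmd "$SET_NAME" dst
fi
```

The rule only needs to be inserted once; subsequent runs just refresh the set. Because the lookup is done from the firewall itself, it only sees the addresses that one resolver returns at that moment, so a site served from a large CDN can still have addresses the list misses, which is exactly why the post above recommends a proxy for web access control.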

11-29-2007, 04:20 PM   #4
achulxp
LQ Newbie

Registered: Jan 2006
Posts: 5

Original Poster
Rep:

Thanks for replying, guys.

^_^

Btw, I'll check out the links.

..

Quote:
 Originally Posted by win32sux
 If you describe the attack you are experiencing, perhaps we might offer some better suggestions as to countermeasures you can use.
PLEASE, any suggestion will be very welcome.

** sorry for my language o_O

Cheers

11-30-2007, 07:53 AM   #5
win32sux
Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep:
Quote:
 Originally Posted by achulxp ..PLEASE any suggest will be very Welcome
We can't make any suggestions if we don't know what you need suggestions about. You need to describe (be as verbose as possible) the type of attack before we can suggest any sort of countermeasure. So far, nothing you've posted even hints at what type of attack this is.

Last edited by win32sux; 11-30-2007 at 07:55 AM.

12-01-2007, 12:18 PM   #6
nowshining
Member

Registered: Dec 2007
Distribution: Ibex
Posts: 93

Rep:
You'll have to use IPs, and if you'd like to block all domain names you can use these; just replace where needed.

Code:
iptables -A OUTPUT -p all --destination 127.0.0.1 -j DROP

Find out the IP of a domain name and then find out its whole IP range(s). I don't know if this rule will work exactly for you, but it works for me in custom rules using arno-iptables-firewall for blocking access to whole IP ranges, which (edit:) equals domain names, and it also does NOT gripe about it. Yes, just change 127.0.0.1 to whatever IP, add a slash and then the netmask range, and restart the firewall.

Example: to block the WHOLE 224.0.0.0 range (IGMP/BROADCAST range), the following rule should suffice:

Code:
iptables -A OUTPUT -p all --destination 224.0.0.0/3 -j DROP

Last edited by nowshining; 12-01-2007 at 12:20 PM.
12-01-2007, 02:51 PM   #7
win32sux
Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep:
nowshining, let's wait for an explanation about what the OP is trying to achieve before making these types of suggestions. Also, as has been said, iptables is simply not the right tool for filtering WWW access to specific domains. Ideally you'd want to use a proxy server. Having said that, the OP mentioned that his network was under attack, which makes it sound like this might not even be a WWW access issue at all. We need clarification in order to understand what is going on here; we can't just assume things. He hasn't logged on since posting his last message, so give him some time.

Last edited by win32sux; 12-01-2007 at 02:54 PM.
12-01-2007, 02:56 PM   #8
nowshining
Member

Registered: Dec 2007
Distribution: Ibex
Posts: 93

Rep:
Quote:
 Originally Posted by win32sux
 nowshining, let's wait for an explanation about what the OP is trying to achieve before making these types of suggestions. Also, as has been said, iptables is simply not the right tool for filtering WWW access to specific domains. Ideally you'd want to use a proxy server. Having said that, the OP mentioned that his network was under attack, which makes it sound like this might not even be a WWW access issue at all. We need clarification in order to understand what is going on here; we can't just assume things. He hasn't logged on since posting his last message, so give him some time.
It was just some info that I wanted to share, because it seemed relevant to what I was trying to do yesterday in my time zone.

Edit, adding: they could also change OUTPUT to INPUT for incoming connections.

Last edited by nowshining; 12-01-2007 at 03:00 PM.

08-28-2010, 01:29 PM   #9
TheCuriousGirl
LQ Newbie

Registered: Aug 2010
Posts: 1

Rep:
If you want to block domain names, it would make sense to do it when they are looked up. dd-wrt is a Linux-based router (firmware). Using its DNSMasq feature, you can easily block domains (and subdomains) for all the computers on your network. Detailed instructions are found at: http://www.gwgamedev.com/about/opinion/blockingDomain/

Last edited by unSpawn; 08-30-2010 at 10:28 AM. Reason: Merge posts and correct URI
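As an added illustration of the DNS-level approach this post describes (the fragment below is not from the thread or from the linked dd-wrt page), this is the dnsmasq configuration that makes a name and everything under it resolve to nothing. It assumes dnsmasq is the resolver every LAN host uses, as it is on dd-wrt; the domain blocked.example is a placeholder.

```conf
# Added example, not from the thread. Assumes all LAN clients resolve through
# this dnsmasq instance (as on dd-wrt); "blocked.example" is a placeholder.

# address=/<domain>/<ip> answers A queries for the domain AND every name under
# it (www.blocked.example, cdn.blocked.example, ...) with the given address
# instead of forwarding them upstream. 0.0.0.0 leaves the client nothing to
# connect to; an internal web server's address could be used to show a block page.
address=/blocked.example/0.0.0.0

# Alternative: local=/<domain>/ tells dnsmasq never to forward queries for the
# domain; names it cannot answer from /etc/hosts or DHCP leases then get NXDOMAIN.
local=/blocked.example/
```

After editing, restart dnsmasq (on dd-wrt, apply the settings from the web interface) and check from a client with nslookup www.blocked.example. Note that this only catches clients that actually use the router's resolver; a host configured with an external DNS server, or an application that resolves over DNS-over-HTTPS, will not be affected, and neither will connections made directly to an IP address.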
06-09-2011, 02:20 AM   #10
manikandantgr
LQ Newbie

Registered: Jun 2009
Posts: 6

Rep:
Block Website via Iptables

My system is working as a router (RHEL5). I want to block some websites using iptables.
06-09-2011, 10:29 AM   #11
win32sux
Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep:
Quote:
 Originally Posted by manikandantgr
 My system is working as a router (RHEL5). I want to block some websites using iptables.
Why don't you want to use the right tool for the job instead?

Are you being forced to use iptables for this?

06-10-2011, 05:11 AM   #12
Lexus45
Member

Registered: Jan 2010
Location: Kurgan, Russia
Distribution: Slackware, Ubuntu
Posts: 339
Blog Entries: 3

Rep:
If you want to block outgoing traffic from your PC to xxx.com, you need to do this:

Code:
iptables -A OUTPUT -p tcp -m string --string "xxx.com" --algo kmp -j DROP

I hope the idea is clear, and the key options are:

Code:
-m string --string "xxx.com" --algo kmp

But I'm not sure this is the right way to block many FQDNs. Though if you want to block a few, why not.

Last edited by Lexus45; 06-10-2011 at 05:26 AM.
