LinuxQuestions.org
Linux - Security
Old 11-28-2007, 03:00 PM   #1
achulxp
LQ Newbie
 
Registered: Jan 2006
Posts: 5

Rep: Reputation: 0
How to block a website with iptables??


Hi

I want to ask about iptables.

How do I block a domain name with iptables?

e.g. micr*s0ft.com

I have tried several ways, but still unsuccessfully... o_O
PLEASE HELP ME!!!!

... someone is using a website to attack my network ...

I have tried putting these in my rules:
Code:
#iptables -A FORWARD -s micr*s0ft.com -j REJECT
#iptables -I INPUT -s micr*s0ft.com -j DROP
#iptables -A FORWARD -i eth0 ( EXT ) -p ALL -s micr*s0ft.com -d 0/0 -j REJECT
#iptables -A FORWARD -p ALL -s micr*s0ft.com -j REJECT
#iptables -A INPUT -s micr*s0ft.com -j REJECT

Any suggestion will be very much appreciated.

PS: so sorry for my language


Thank you

Last edited by achulxp; 11-28-2007 at 03:32 PM.
 
Old 11-28-2007, 08:21 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by achulxp View Post
How do I block a domain name with iptables?

e.g. micr*s0ft.com

I have tried several ways, but still unsuccessfully... o_O
PLEASE HELP ME!!!!

... someone is using a website to attack my network ...

I have tried putting these in my rules:
Code:
#iptables -A FORWARD -s micr*s0ft.com -j REJECT
#iptables -I INPUT -s micr*s0ft.com -j DROP
#iptables -A FORWARD -i eth0 ( EXT ) -p ALL -s micr*s0ft.com -d 0/0 -j REJECT
#iptables -A FORWARD -p ALL -s micr*s0ft.com -j REJECT
#iptables -A INPUT -s micr*s0ft.com -j REJECT
Wildcards (*) won't work with iptables. Also, using domain names in iptables rules is terribly ineffective. A DNS lookup is done when the rule is executed, and the resulting IP(s) are used in the rule. That means that you'll potentially be lacking tons of IPs, and the ones you do have might become useless anytime. If you describe the attack you are experiencing, perhaps we might offer some better suggestions as to countermeasures you can use.
 
Old 11-29-2007, 04:20 PM   #4
achulxp
LQ Newbie
 
Registered: Jan 2006
Posts: 5

Original Poster
Rep: Reputation: 0

Thanks for replying, guys

^_^

Btw, I'll check out the link.

..

Quote:
win32sux: If you describe the attack you are experiencing, perhaps we might offer some better suggestions as to countermeasures you can use.
..PLEASE, any suggestion will be very welcome

** sorry for my language o_O

Cheers
 
Old 11-30-2007, 07:53 AM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by achulxp View Post
..PLEASE, any suggestion will be very welcome
We can't make any suggestions if we don't know what you need suggestions about. You need to describe (be as verbose as possible) the type of attack before we can suggest any sort of countermeasure. So far, nothing you've posted even hints at what type of attack this is.

Last edited by win32sux; 11-30-2007 at 07:55 AM.
 
Old 12-01-2007, 12:18 PM   #6
nowshining
Member
 
Registered: Dec 2007
Distribution: Ibex
Posts: 93

Rep: Reputation: 15
You'll have to use IPs, and if you'd like to block all DOMAIN names you can use these, just replace where needed.

Code:
iptables -A OUTPUT -p all --destination 127.0.0.1 -j DROP

Find out the IP of a domain name and then find out its whole IP range(s). I don't know if this rule will work exactly for you, but it works for me in custom rules using arno-iptables-firewall for blocking access to whole IP ranges, which (edit) equals domain names (end edit), and it also does NOT gripe about it.

Yes, just change 127.0.0.1 to whatever IP, add a slash and then the netmask range, and restart the firewall.

Example: to block the WHOLE 224.0.0.0 range (the IGMP/BROADCAST range), the following rule should suffice..

Code:
iptables -A OUTPUT -p all --destination 224.0.0.0/3 -j DROP

Last edited by nowshining; 12-01-2007 at 12:20 PM.
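The two posts above make complementary points: win32sux notes that a hostname in an iptables rule is resolved once, when the rule is loaded, so the rule silently covers only the addresses returned at that moment; nowshining suggests working with explicit IP addresses and ranges instead. The script below is an added example written for this thread, not code from any poster or from arno-iptables-firewall. It takes that address-based approach but keeps the resolved snapshot explicit and re-generatable: it resolves a name with getent, validates each address or CIDR range, and prints (never applies) the ipset and iptables commands that would block the set. Re-running it on a timer refreshes the snapshot, which is the part a plain `-s hostname` rule cannot do. It assumes ipset and iptables are present on the host where the printed commands would eventually be run; the set name prefix `block_` and the domain `example.test` used in the usage line are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): build address-based block rules from a
# domain name, keeping the resolved snapshot visible so it can be refreshed.
# Everything is a dry run: commands are printed, nothing touches the firewall.

# Resolve a name to its current IPv4 addresses, one per line.
# getent honours the system resolver and /etc/hosts, like the rule loader would.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Accept only a dotted quad with an optional /prefix, so that a hostname,
# a wildcard such as micr*s0ft.com, or shell metacharacters never reach a command line.
is_cidr_v4() {
    case "$1" in
        *[!0-9./]*) return 1 ;;
    esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Print the commands that would block a list of addresses/ranges for one name.
# $1 = label used to derive the ipset name; stdin = one address or CIDR per line.
# hash:net sets accept both single hosts and whole ranges (nowshining's approach).
rules_from_addrs() {
    set_name="block_$(printf '%s' "$1" | tr -c 'A-Za-z0-9_' '_')"
    printf 'ipset create %s hash:net -exist\n' "$set_name"
    printf 'ipset flush %s\n' "$set_name"          # drop the stale snapshot
    while read -r addr; do
        [ -n "$addr" ] || continue
        is_cidr_v4 "$addr" || { echo "skipping bad address: $addr" >&2; continue; }
        printf 'ipset add %s %s -exist\n' "$set_name" "$addr"
    done
    # Add the FORWARD rule only once; the set contents change, the rule does not.
    printf 'iptables -C FORWARD -m set --match-set %s src -j REJECT 2>/dev/null || iptables -A FORWARD -m set --match-set %s src -j REJECT\n' "$set_name" "$set_name"
}

# Number of addresses a generated rule set covers: compare two runs to see
# how much a single resolution snapshot would have missed.
count_adds() {
    grep -c '^ipset add '
}

# Usage (dry run): sh thisscript.sh example.test > refresh-example.test.sh
if [ -n "$1" ]; then
    resolve_v4 "$1" | rules_from_addrs "$1"
fi
```

Feeding the generated file to `sh` from a cron job turns the one-shot lookup that win32sux warns about into a periodic refresh; the `-exist` flags and the `iptables -C` check make each run idempotent, so re-running it never duplicates rules. Proxy-level filtering, as suggested elsewhere in the thread, remains the better fit for WWW access control; this only makes the IP-based fallback honest about what it covers.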
 
Old 12-01-2007, 02:51 PM   #7
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
nowshining, let's wait for an explanation about what the OP is trying to achieve before making these types of suggestions. Also, as has been said, iptables is simply not the right tool for filtering WWW access to specific domains. Ideally you'd want to use a proxy server. Having said that, the OP mentioned that his network was under attack, which makes it sound like this might not even be a WWW access issue at all. We need clarification in order to understand what is going on here; we can't just assume things. He hasn't logged on since posting his last message, so give him some time.

Last edited by win32sux; 12-01-2007 at 02:54 PM.
 
Old 12-01-2007, 02:56 PM   #8
nowshining
Member
 
Registered: Dec 2007
Distribution: Ibex
Posts: 93

Rep: Reputation: 15
Quote:
Originally Posted by win32sux View Post
nowshining, let's wait for an explanation about what the OP is trying to achieve before making these types of suggestions. Also, as has been said, iptables is simply not the right tool for filtering WWW access to specific domains. Ideally you'd want to use a proxy server. Having said that, the OP mentioned that his network was under attack, which makes it sound like this might not even be a WWW access issue at all. We need clarification in order to understand what is going on here; we can't just assume things. He hasn't logged on since posting his last message, so give him some time.
It was just some info that I wanted to share because it seemed relevant to what I was trying to do yesterday in my time zone.

edit: -->

adding: they could also change OUTPUT to INPUT for incoming connections...

Last edited by nowshining; 12-01-2007 at 03:00 PM.
 
Old 08-28-2010, 01:29 PM   #9
TheCuriousGirl
LQ Newbie
 
Registered: Aug 2010
Posts: 1

Rep: Reputation: 0

If you want to block domain names, it would make sense to do it when they are looked up.

dd-wrt is a Linux-based router firmware. Using its DNSMasq feature, you can easily block domains (and subdomains) for all the computers on your network.

Detailed instructions are found at: http://www.gwgamedev.com/about/opinion/blockingDomain/

Last edited by unSpawn; 08-30-2010 at 10:28 AM. Reason: Merge posts and correct URI
 
Old 06-09-2011, 02:20 AM   #10
manikandantgr
LQ Newbie
 
Registered: Jun 2009
Posts: 6

Rep: Reputation: 0
Block Website via Iptables

My system is working as a router (RHEL5). I want to block some websites using iptables.
 
Old 06-09-2011, 10:29 AM   #11
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by manikandantgr View Post
My system is working as a router (RHEL5). I want to block some websites using iptables.
Why don't you want to use the right tool for the job instead?

Are you being forced to use iptables for this?
 
Old 06-10-2011, 05:11 AM   #12
Lexus45
Member
 
Registered: Jan 2010
Location: Kurgan, Russia
Distribution: Slackware, Ubuntu
Posts: 339
Blog Entries: 3

Rep: Reputation: 47
If you want to block outgoing traffic from your PC to xxx.com, you need to do this:
Code:
iptables -A OUTPUT -p tcp -m string --string "xxx.com" --algo kmp -j DROP
I hope the idea is clear; the key options are:
Code:
-m string --string "xxx.com" --algo kmp
But I'm not sure this is the right way to block many FQDNs. Though if you want to block a few, why not.

Last edited by Lexus45; 06-10-2011 at 05:26 AM.
 