Old 05-15-2005, 05:55 AM   #1
Registered: Feb 2003
Distribution: xNIX
Posts: 121

Rep: Reputation: 15
iptables: blocking for specific time & comparison with cisco IOS ACL


I'm doing a slightly different implementation of iptables. What I want to do is block for a specific time,
like blocking a specific web site during office hours and allowing it on the weekend.
But I don't want to add a separate rule for each web server of that web site. I just want to use the domain name so that it automatically covers all the web servers listed against it in the DNS record.

Secondly, I need a comparison of iptables and its features with Cisco IOS ACLs, for implementing in a medium-sized network.

Support from iptables and Cisco geeks needed; help will be highly appreciated.


Last edited by farhan; 05-15-2005 at 05:56 AM.
Old 05-15-2005, 06:51 AM   #2
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
using iptables to block hosts via DNS addresses is a bad idea, IMHO... it's not as effective as it looks like at first sight... i'm not even sure it can be done, but if it can then i assume the DNS would be resolved when the script is run, and then the resolved IP would be inserted in the rule... so not only would it slow your script down (and be error-prone), but it would also be about as pointless as trying to filter ONE of the website's several IPs - and when the website IP your client is currently connected on changes it would be more than pointless, it would be useless... try blocking with an iptables rule, for example - they have about a zillion IPs...

IMHO, your best bet is to use a content filtering proxy's blacklist feature... you'd preferably want a filter which will also do reverse-DNS resolution... an example is - this way you just put "" in the blacklist and it won't matter if the client tries to connect to "" or any of the zillions of IPs associated to that domain - all the client's connection attempts would be denied - automatically... and yeah, you can easily set a cronjob to implement the blacklist rules you want at the times you want...

just my ...

Last edited by win32sux; 05-15-2005 at 07:07 AM.
Old 06-11-2005, 11:15 AM   #3
Registered: Jun 2005
Posts: 43

Rep: Reputation: 15
The best thing to use for blocking something for a set period is to create a cronjob with two scripts:
one to add the filters and one to remove them, and run the first at, say, 9am and the second at 5pm.

$ crontab -e
(this will open vi or EDITOR as defined in the environment variables)
# m h dom mon dow
0 9 * * * /path/to/addfilter
0 17 * * * /path/to/removefilter

As for the weekend, you could add a similar entry to run every Friday, say.

Save it and it will be installed.

man crontab will give you all of the information you need on using cron.
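
An added example, not part of the original thread: one script covering the add/remove pair from post #3, which resolves the names itself (the addresses are fixed when the rules are inserted, as post #2 points out) and refuses to empty the chain when DNS returns nothing. The chain name TIMEBLOCK, the domain blocked.example, the script path and the weekday-only schedule are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: TIMEBLOCK, blocked.example.
# One-time setup in the permanent ruleset:  iptables -I FORWARD -j TIMEBLOCK
# Cron then only fills or empties the chain, e.g. (paths are placeholders):
#   0 9  * * 1-5 /path/to/timeblock add
#   0 17 * * 1-5 /path/to/timeblock remove
CHAIN=${CHAIN:-TIMEBLOCK}
DOMAINS=${DOMAINS:-blocked.example}
DRY_RUN=${DRY_RUN:-1}          # 1 = print the commands, 0 = run them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Current IPv4 addresses for a name, one per line (glibc getent).
resolve() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

add_filter() {
    addrs=""
    for d in $DOMAINS; do
        for ip in $(resolve "$d"); do
            # Accept only dotted-quad text, so iptables never does its own lookup.
            case "$ip" in ''|*[!0-9.]*) continue ;; esac
            addrs="$addrs $ip"
        done
    done
    if [ -z "$addrs" ]; then
        # DNS failure: keep the old rules rather than silently unblocking.
        echo "timeblock: nothing resolved, chain left unchanged" >&2
        return 1
    fi
    run -N "$CHAIN" 2>/dev/null || true    # chain may already exist
    run -F "$CHAIN"
    for ip in $addrs; do
        run -A "$CHAIN" -d "$ip" -j REJECT
    done
}

remove_filter() {
    run -F "$CHAIN"                        # empty chain = no blocking
}

case "${1:-}" in
    add)    add_filter ;;
    remove) remove_filter ;;
esac
```

Re-running `add` during the blocked window refreshes the address list, but it still covers only the IPv4 addresses the resolver returned at that moment.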



All times are GMT -5.