LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 05-15-2005, 05:55 AM   #1
farhan
Member
 
Registered: Feb 2003
Distribution: xNIX
Posts: 121

Rep: Reputation: 15
iptables: blocking something.com for specific time & comparison with cisco IOS ACL


Hi

Im doing a bit of different implementation of iptable. what i want to do is to block the iptables: blocking something.com for specific time .
like blocking specific web site for timings in office house and , allow in the week end.
but i dont want to add seprate rule for each web server of that web site. i just want to use Domainname so that it covers all webserver against it in the DNS record automatically.

secondly need some comparison and features to iptables to compare with cisco IOS ACL , for implementing in medium sized network.

Support for iptables and cisco geeks needed, help will be highly appreciated.

THX

Last edited by farhan; 05-15-2005 at 05:56 AM.
 
Old 05-15-2005, 06:51 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
using iptables to block hosts via DNS addresses is a bad idea, IMHO... it's not as effective as it looks like at first sight... i'm not even sure it can be done, but if it can then i assume the DNS would be resolved when the script is run, and then the resolved IP would be inserted in the rule... so not only would it slow your script down (and be error-prone), but it would also be about as pointless as trying to filter ONE of the website's several IPs - and when the website IP your client is currently connected on changes it would be more than pointless, it would be useless... try blocking google.com with an iptables rule, for example - they have about a zillion IPs...

IMHO, your best bet is to use a content filtering proxy's blacklist feature... you'd preferably want a filter which will also do reverse-DNS resolution... an example is http://www.dansguardian.org/ - this way you just put "google.com" in the blacklist and it won't matter if the client tries to connect to "google.com" or any of the zillions of IPs associated to that domain - all the client's connection attempts would be denied - automatically... and yeah, you can easily set a cronjob to implement the blacklist rules you want at the times you want...

just my ...


Last edited by win32sux; 05-15-2005 at 07:07 AM.
 
Old 06-11-2005, 11:15 AM   #3
mattLSO
Member
 
Registered: Jun 2005
Posts: 43

Rep: Reputation: 15
The best thing to use for blocking something a set period is to create a cronjob with two scripts
one to add the filters, and one to remove and run the first at say 9am and the second at 5pm.

Example:
$crontab -e
(this will open vi or EDITOR as defined in the environment variables)
# m h dom mon dow
0 9 * * * /path/to/addfilter
0 17 * * * /path/to/removefilter

As for the weekend you could add a similar entry to run every friday say.

save it and it will be installed.

man crontab will give you all of the information you need on using cron.

Regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Blocking access to specific Websites and IP Ports fieldyweb Linux - Newbie 3 12-02-2005 06:32 AM
Blocking Traffic on a specific port (kazaa) GratePayne Linux - Security 4 05-09-2004 10:10 AM
Domain and specific 'word' blocking in firewall2 hiplainsdrifter Linux - Newbie 5 04-07-2004 04:54 PM
Blocking ports for a specific IP Shrimpy Linux - Networking 1 12-23-2002 12:48 PM
QMail and blocking specific extensions Rob de Jong Linux - General 1 05-01-2002 03:11 PM


All times are GMT -5. The time now is 03:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration