
muradcsc 06-13-2011 06:07 AM

Allow only a subdomain in firewall
I have got a CentOS 5.5 box with 2 interfaces (WAN & LAN) and am trying to configure the firewall so that LAN users can browse
(where XXX can be anything), nothing else.

I googled the whole day but no luck.

Any Help will be appreciated.



acid_kewpie 06-13-2011 06:10 AM

This is not a firewall's job. It will deal with IP addressing, and NOT domain names. Not surprising you didn't find anything.

Whilst it is occasionally possible to have firewalling systems that can utilize some elements of DNS, it is not viable to rely on DNS lookups to permit firewall connections as the overhead and latency is vast, and the reliability is poor.

muradcsc 06-13-2011 06:31 AM

Hi Chris,
Thanks for your quick reply.
Could you please help me with how I can do that? Is there any possible way?



acid_kewpie 06-13-2011 06:33 AM

What do you mean by "browse a domain"? If this is web traffic, then that's what an HTTP proxy is for. Anything else, you need to write more informative and detailed posts about your situation.

muradcsc 06-13-2011 06:53 AM

OK, let me explain. As I said before, my Linux server has 2 interface cards: eth0 for WAN and eth1 for LAN (, and a DHCP server is enabled on the eth1 interface. Now the situation is that I want to configure the Linux server in such a way that any node inside the LAN (for example can only access ; if it wants to access, say for example , it will be rejected.

I hope the situation is now clear.

Thanks again.


acid_kewpie 06-13-2011 07:03 AM

Well, that's not really any more use, but I'll assume you do mean HTTP traffic. So use a proxy, like Squid.

instag 06-13-2011 05:53 PM

A proxy is the best way, for sure.
If you don't care about using the server for other outgoing traffic and "" has a fixed IP address range (for example ""), you could restrict the traffic with an OUTPUT rule:

iptables -A OUTPUT -o eth0 ! -d -j REJECT
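An added example of the proxy approach the thread recommends, not code from any poster: a FORWARD-chain lockdown so LAN clients can reach the web only through a local Squid, plus the Squid dstdomain ACL that allows one domain and all its subdomains. Assumed values: LAN 192.168.1.0/24 on eth1, WAN on eth0, Squid on tcp/3128, and ".example.com" standing in for the stripped domain.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed values: LAN on eth1 is
# 192.168.1.0/24, WAN is eth0, Squid listens on this box at tcp/3128, and
# ".example.com" stands in for the poster's (stripped) domain.
LAN_IF=eth1
WAN_IF=eth0
LAN_NET=192.168.1.0/24
PROXY_PORT=3128
ALLOWED_DOMAIN=.example.com
IPTABLES=${IPTABLES:-iptables}   # IPTABLES=echo gives a dry run

# An OUTPUT rule only governs packets the server itself sends; traffic from
# LAN clients crosses the FORWARD chain, so that is where the lockdown
# belongs. Clients reach the web only via the local proxy.
firewall_rules() {
    # no routing from LAN to WAN at all; the proxy does the outbound work
    $IPTABLES -P FORWARD DROP
    # log direct attempts so proxy bypasses are visible in the kernel log
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" \
        -j LOG --log-prefix "lan-direct-drop: "
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j DROP
    # the box itself must accept proxy connections from the LAN
    $IPTABLES -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp \
        --dport "$PROXY_PORT" -j ACCEPT
}

# Squid enforces the domain part: a dstdomain ACL starting with a dot matches
# the domain and every subdomain ("XXX.example.com" for any XXX).
squid_acl() {
    cat <<EOF
http_port $PROXY_PORT
acl lan src $LAN_NET
acl allowed_sites dstdomain $ALLOWED_DOMAIN
http_access allow lan allowed_sites
http_access deny all
EOF
}

case "${1:-}" in
    apply) firewall_rules ;;   # run as root to install the rules
    squid) squid_acl ;;        # append the output to squid.conf
esac
```

LAN browsers are pointed at the proxy explicitly (proxy host = the eth1 address, port 3128); anything they try to send straight out to the WAN is logged and dropped.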
