Old 10-08-2008, 04:24 AM   #1
barcaalep
LQ Newbie
 
Registered: Oct 2008
Posts: 6

BLOCK any web site ( IPTABLES )


hello everyone
I am using openSUSE 11 and I installed IPTABLES. I want to write IPTABLES instructions that block any web site.

I tried this but it doesn't work:

iptables -A INPUT -i eth0 -s 69.49.140.245 -j DROP
 
Old 10-08-2008, 09:49 AM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Did you check first that you weren't fighting with the SuSEFirewall2 system, which has been known to override hand-amended firewall rulesets? In effect, do you know that the ruleset was what you expected before you changed it and that your change was made?

Secondly, you are not behind a router (anything that is, in effect, a router, whether it says that on the box or not, e.g., some of the ADSL modems are in effect routers)?

If those are both ok, it would be a lot easier if we could see more of your ruleset than this as something else may be coming into play.

Additionally, note that this will only work with nominated ip addresses and if the web site uses more than one or it changes, that will be problematic. As it will be if the web site changes ip address, of course.
 
Old 10-08-2008, 11:04 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Look in /etc/sysconfig/SuSEfirewall2. You can enter the name of a file with your own rules to add.

Code:
## Type:        string
#
# 25.)
# Do you want to load customary rules from a file?
#
# This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
# READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
#
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""
You might want to block outbound traffic instead of INPUT to block contacting the website.

Part of the reason your rule didn't work is because it is located after a rule that accepted the traffic.
Code:
sudo /usr/sbin/iptables  -L OUTPUT
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
Use the OUTPUT or INPUT filter to only list the table you need and insert the rule where it needs to be.
If your test iptables command works, then edit /etc/sysconfig/SuSEfirewall2 and /etc/sysconfig/scripts/SuSEfirewall2-custom so that your rule is run when the firewall service starts.

Because the OUTPUT table is probably not used much, you could create a startup script in /etc/rc.d/ that runs after the SuSEfirewall2 service and inserts a rule before the others in the OUTPUT table. If you use -I to insert the rule instead of -A (adding) the rule, your iptables command would probably work.

Last edited by jschiwal; 10-08-2008 at 11:09 AM.
 
Old 10-09-2008, 11:33 AM   #4
barcaalep
LQ Newbie
 
Registered: Oct 2008
Posts: 6

Original Poster
ok guys thanks for the help

The rule that blocks the IP address works and it was added to the firewall rules, BUT the problem is I am surfing on the internet using a proxy, so how can I do that?
Like, even if iptables blocks the IP address, my PC doesn't really connect to that IP because it connects to the proxy server then
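
Added example, not part of any post in this thread: a small Python model of first-match rule evaluation, showing why the appended rule discussed in post #3 is never reached while an inserted one is, and why, as post #4 observes, a rule on the site's address does not match traffic that is addressed to a proxy. The `Chain` class and the proxy address 192.0.2.10 are constructed for illustration; real iptables matches on many more criteria than destination.

```python
"""Toy model of first-match chain evaluation (illustration only, not netfilter)."""
from ipaddress import ip_address, ip_network

SITE = "69.49.140.245"   # address taken from the thread
PROXY = "192.0.2.10"     # constructed proxy address (documentation range)


class Chain:
    def __init__(self, policy="ACCEPT"):
        self.policy = policy
        self.rules = []  # ordered list of (destination network, target)

    def append(self, dst, target):
        # Models: iptables -A OUTPUT -d <dst> -j <target>
        self.rules.append((ip_network(dst), target))

    def insert(self, dst, target, pos=1):
        # Models: iptables -I OUTPUT <pos> -d <dst> -j <target>
        self.rules.insert(pos - 1, (ip_network(dst), target))

    def verdict(self, dst):
        """Return the target of the first rule whose destination matches."""
        for net, target in self.rules:
            if ip_address(dst) in net:
                return target
        return self.policy


def suse_like_output_chain():
    chain = Chain()
    # The "ACCEPT all -- anywhere anywhere" rule from the listing in post #3.
    chain.append("0.0.0.0/0", "ACCEPT")
    return chain


def demo():
    appended = suse_like_output_chain()
    appended.append(SITE, "DROP")    # lands after ACCEPT, never evaluated
    inserted = suse_like_output_chain()
    inserted.insert(SITE, "DROP")    # lands at position 1, evaluated first
    return {
        "appended_direct": appended.verdict(SITE),
        "inserted_direct": inserted.verdict(SITE),
        # Browsing through a proxy: the packet's destination is the proxy.
        "inserted_via_proxy": inserted.verdict(PROXY),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

On a real host, `iptables -L OUTPUT -n --line-numbers` shows the positions the model refers to.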
 
Old 10-12-2008, 05:15 AM   #5
Sreenivasan
LQ Newbie
 
Registered: Jan 2008
Posts: 1

Applying iptables firewall rules: Bad argument `any'
Error occured at line: 12
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
 
Old 10-13-2008, 05:26 AM   #6
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Quote:
Originally Posted by Sreenivasan
Applying iptables firewall rules: Bad argument `any'
Error occured at line: 12
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Is this supposed in some way to be relevant (and are you a sock puppet?) to the original problem or is it a new problem which is only related to the original problem in that it also concerns iptables?

If this is a new problem (and then a new thread probably would have been a better choice) the information that you give is that you have an error in line 12, but you don't give any details of what might be in line 12 or any context so that someone can see what line 12 should be doing. This does not seem like an action likely to lead to anyone knowing enough about your circumstances to offer you much help.

I shouldn't do this from memory, but offhand I can't think of many (any?) iptables commands where 'any' is a valid argument, so that could be your problem. But you will have looked at that when you saw the error message, won't you? It is unknown to me what kind of outcome you hope for from posting this fragment.
 
  

