I am using RHEL 4 AS, on which our firewall (using iptables) has been configured. Here I want to block a particular website which uses https, say for example https://abc.com.
Is it possible to do this with iptables?
Also, I want to know how it can be achieved using a squid proxy to filter https traffic.
I'm using Trustix as my proxy. I had a problem blocking with url_regex; it didn't work so well, so I don't use that way. Now I'm using DansGuardian, which is working well, though DansGuardian is a little bit aggressive with the rules.
A firewall prevents all network access to your server (with certain exceptions that you will specify).
You can configure a firewall on your VPS using the Webmin control panel. The iptables command will actually implement the firewall rules.
Before you decide to set up a firewall, please consider...
1) Misconfiguring a firewall can prevent you from accessing your own server.
2) The best way to prevent someone from accessing services on your VPS is to simply not run those services.
3) Firewalls don't protect you from insecure services. So keep your server up to date with the latest security patches. For example, using apt-get update; apt-get upgrade.
Note: A few people with multiple IPs have reported this HOWTO does not work for them. So we recommend following this HOWTO on servers with a single IP only.
Discouraged yet? If you still want to proceed setting up a firewall, here goes...
Go to your Webmin control panel. Select Networking | Linux Firewall. Webmin will offer to create default rules for you. Select the "Block all except SSH, IDENT, ping and high ports on interface" option. You don't need to enter anything in the input to the right of the "eth0" combo.
On the resulting page there will be an option "If protocol is TCP and destination port is ssh". Select that option. On the Edit Rule page, go down to the "Destination TCP or UDP port" option. Change the option from equalling "ssh" to equalling "ssh,www,https,pop3,smtp,imap,imaps,pop3s,10000". Add in whatever other ports you need, or remove ports you want to exclude. Hit Save.
Click 'Add Rule'. For Rule Comment set "Allow traceroutes". Action to Take is 'Accept'. Set Network Protocol 'Equals' 'UDP'. Set Destination TCP or UDP port 'Equals' 'Port Range' '33434' to '33523'.
Hit Apply Configuration. Check that 'Activate at Boot' is Yes.
On your VPS you should now be able to run iptables --list and get a list of all your iptables rules. You can remove all the rules by stopping iptables: /etc/init.d/iptables stop. You can also stop the iptables service from running at startup by running chkconfig --del iptables. Or you can remove the iptables rules by running echo "" > /etc/sysconfig/iptables.
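The allow-list and traceroute rule from the steps above can also be written as an iptables-restore ruleset; this is an added example, not part of the original post and not Webmin's own output. The default-drop policy and the loopback, established-connection and ping rules are assumptions about the baseline, the template's IDENT and high-port rules are left out, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the HOWTO's allow-list.
ALLOWED_TCP="ssh,www,https,pop3,smtp,imap,imaps,pop3s,10000"   # list from the HOWTO

# Map a service name to its standard port; plain numbers pass through,
# anything else is rejected so a typo cannot silently drop a service.
svc_port() {
    case "$1" in
        ssh) echo 22 ;;    www) echo 80 ;;    https) echo 443 ;;
        smtp) echo 25 ;;   pop3) echo 110 ;;  imap) echo 143 ;;
        imaps) echo 993 ;; pop3s) echo 995 ;;
        *[!0-9]*|'') echo "unknown service: $1" >&2; return 1 ;;
        *) echo "$1" ;;
    esac
}

# Turn "ssh,www,..." into "22,80,...". The multiport match takes at most
# 15 ports per rule, so longer lists are refused rather than truncated.
port_list() {
    out="" n=0
    old_ifs=$IFS; IFS=,
    for s in $1; do
        p=$(svc_port "$s") || { IFS=$old_ifs; return 1; }
        out="${out:+$out,}$p"; n=$((n + 1))
    done
    IFS=$old_ifs
    [ "$n" -le 15 ] || { echo "too many ports for one multiport rule" >&2; return 1; }
    echo "$out"
}

# Emit the ruleset: drop inbound by default, then open only what is listed.
gen_ruleset() {
    ports=$(port_list "${1:-$ALLOWED_TCP}") || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp -m multiport --dports $ports -j ACCEPT
-A INPUT -p udp --dport 33434:33523 -j ACCEPT
COMMIT
EOF
}

gen_ruleset   # print only; nothing is loaded into the kernel
```

Piping the output into iptables-restore --test as root parses the rules without applying them, which avoids the lock-out risk the HOWTO warns about.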
Hi to all. Sorry for the noob question, but after I type:
iptables -t nat -I PREROUTING -m tcp -p tcp --dport 443 -j DROP (for all traffic http)
or
iptables -t nat -I PREROUTING -m tcp -p tcp -d www.example.com --dport 443 -j DROP (for one http)
or
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 443 (to redirect traffic to a specific port)
Should I stop iptables every time when I am using one of the above commands? If the answer is yes, which command do I have to use to stop iptables? I am on Ubuntu 11.10.
Regards