LinuxQuestions.org
Old 08-01-2014, 08:49 AM   #1
pein.mercado
LQ Newbie
 
Registered: Jun 2014
Posts: 11

Rep: Reputation: Disabled
IPTables


Hi All,

Is it possible to block all website except one using iptables?

Thanks in advance.
 
Old 08-01-2014, 09:48 AM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,281

Rep: Reputation: 320
Theoretically, yes. You can block the HTTP and HTTPS ports, but some websites can use other ports. Another problem may be that you can block by the IP of the server, but after some time it can change, or one site can have multiple IP addresses, or one IP address can be assigned to multiple web sites. Furthermore, some applications may also use these ports, not necessarily for web traffic, and would be blocked too. But for trivial cases you can use iptables like this (for allowing only linuxquestions.org):
Code:
iptables -I OUTPUT -p tcp --dport 80 ! -d 75.126.162.205 -j REJECT
iptables -I OUTPUT -p tcp --dport 443 -j REJECT
Sometimes one web site uses multiple domains; then you need to slightly modify the rules. There are other tools than iptables for that task.
 
1 members found this post helpful.
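The caveats in the post above (one site can have several IP addresses, and they can change) can be handled by building the allow-list from a fresh DNS lookup each time. The following is an added example, not part of the original post: the chain name `WEB_ALLOW`, the sample addresses and `www.example.org` are assumptions, and unlike the posted rules it also permits port 443 to the allowed site.

```shell
#!/bin/sh
# Added example, not from the thread. CHAIN name and sample addresses are assumptions.
CHAIN=WEB_ALLOW
RULE="OUTPUT -p tcp -m multiport --dports 80,443 -j $CHAIN"

# Every IPv4 address the name resolves to right now (needs working DNS).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Print (do not run) iptables commands that let ports 80/443 reach only
# the given addresses. Returns 1 and prints nothing if no address is usable,
# so a failed lookup cannot install a reject-everything chain.
gen_rules() {
    valid=""
    for ip in "$@"; do
        # Accept dotted-quad only, so odd resolver output never reaches a command line.
        if printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            valid="$valid $ip"
        fi
    done
    [ -n "$valid" ] || return 1
    # Create the chain, or empty it when re-run after the site's addresses change.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for ip in $valid; do
        echo "iptables -A $CHAIN -d $ip -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j REJECT"
    # Hook the chain into OUTPUT once (-C tests whether the rule already exists).
    echo "iptables -C $RULE 2>/dev/null || iptables -I $RULE"
}

# Dry run with constructed documentation addresses (RFC 5737):
gen_rules 192.0.2.10 198.51.100.7
# Real use, as root: gen_rules $(resolve_ipv4 www.example.org) | sh
```

Re-running it periodically picks up address changes; it does not solve the shared-IP case from the post, where other sites hosted on the same address remain reachable.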
Old 08-01-2014, 10:00 AM   #3
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694
If I understand correctly, no, not with iptables. It sounds like you have a web server with VirtualHosts enabled. In that case you would want to make sure that only the site you want to work is enabled. A typical VirtualHost file looks like:

Code:
# Ensure that Apache listens on port 80
Listen 80

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80

<VirtualHost *:80>
DocumentRoot /www/example1
ServerName www.example.com

# Other directives here

</VirtualHost>

<VirtualHost *:80>
DocumentRoot /www/example2
ServerName www.example.org

# Other directives here

</VirtualHost>
You can just make a backup of your vhost file, in case you want to roll back changes, then delete everything out of the original except for the vhost you want to be enabled.

If you are using Ubuntu, there are command line utilities to enable and disable sites:

http://manpages.ubuntu.com/manpages/...2ensite.8.html
 
1 members found this post helpful.
  


All times are GMT -5. The time now is 01:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration