Old 08-01-2014, 08:49 AM   #1
LQ Newbie
Registered: Jun 2014
Posts: 11


Hi All,

Is it possible to block all website except one using iptables?

Thanks in advance.
Old 08-01-2014, 09:48 AM   #2
Senior Member
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,281

Theoretically, yes. You can block http and https ports, but some websites can use other ports. Another problem may be that you can block by IP of server, but after some time it can change, or one site can have multiple IP addresses, or one IP address can be assigned to multiple web sites. Even more some applications may also use these ports, not necessarily for web traffic and would be blocked too. But for trivial cases you can use iptables like that (for allowing only
iptables -I OUTPUT -p tcp --dport 80 ! -d -j REJECT
iptables -I OUTPUT -p tcp --dport 443 -j REJECT
Sometimes one web site uses multiple domains, then you need to slightly modify the rules. There are other tools than iptables for that task.
1 members found this post helpful.
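
Added example, not part of the original posts: a sketch of how the caveats in reply #2 (one site with several IP addresses, addresses that change over time) can be handled by generating the rules from the site's current address list and rebuilding them on each run. The chain name WEB_ALLOW and the script name are assumptions made for this example; the script only prints rules and does not apply them.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules allowing web traffic only to
# the IPv4 addresses of one site. The chain name WEB_ALLOW is an assumption.
# iptables covers IPv4 only; IPv6 needs an equivalent ip6tables rule set.
CHAIN=WEB_ALLOW
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'

# is_ipv4 ADDR: succeed only for a strict dotted quad (no leading zeros)
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq "^($OCTET\.){3}$OCTET\$"
}

# gen_rules IP...: write the rule set to stdout; fail if no address is valid
gen_rules() {
    seen="" rules=""
    for ip in "$@"; do
        if ! is_ipv4 "$ip"; then
            echo "skipping invalid address: $ip" >&2
            continue
        fi
        # one site can resolve to the same address more than once
        case " $seen " in *" $ip "*) continue ;; esac
        seen="$seen $ip"
        rules="${rules}iptables -A $CHAIN -d $ip -j RETURN
"
    done
    # never emit a chain that would reject all web traffic by accident
    [ -n "$seen" ] || return 1
    hook="OUTPUT -p tcp -m multiport --dports 80,443 -j $CHAIN"
    # create the chain, or flush it so a changed address list replaces the old
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    printf '%s' "$rules"
    echo "iptables -A $CHAIN -j REJECT"
    # add the jump from OUTPUT once only (-C checks whether it exists)
    echo "iptables -C $hook 2>/dev/null || iptables -I $hook"
}

# Stand-alone use: sh web-allow.sh SITE  (review the output before applying)
if [ $# -gt 0 ]; then
    # getent ahostsv4 lists every IPv4 address the resolver returns
    gen_rules $(getent ahostsv4 "$1" | awk '{print $1}' | sort -u)
fi
```

Running it again later regenerates the chain from the addresses the name resolves to at that time. It does not address the other caveat from reply #2, that one IP address can serve several web sites.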
Old 08-01-2014, 10:00 AM   #3
Senior Member
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

If I understand correctly, no, not with iptables. It sounds like you have a web server with VirtualHosts enabled. In that case you would want to make sure that only the site you want to work is enabled. A typical VirtualHost file looks like:

# Ensure that Apache listens on port 80
Listen 80

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80

<VirtualHost *:80>
DocumentRoot /www/example1

# Other directives here

</VirtualHost>

<VirtualHost *:80>
DocumentRoot /www/example2

# Other directives here

</VirtualHost>

You can just make a backup of your vhost file, in case you want to roll back changes, then delete everything out of the original except for the vhost you want to be enabled.

If you are using Ubuntu, there are command line utilities to enable and disable sites:
1 members found this post helpful.