LinuxQuestions.org
Old 12-07-2015, 06:58 AM   #1
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Rep: Reputation: 17
need to block list of sites from txt file iptables


Greetings ,

I would like to block a list of sites using a txt file, applying them in the following rule:

Code:
iptables -I FORWARD  -m string --string "facebook.com" --algo bm --from 1 --to 600 -j REJECT
The above rule may only block a single site. I want to block a list of sites from a txt file and apply the above rule to those sites.

Looking forward to your kind response.

Regards
Net_Spy
 
Old 12-07-2015, 07:20 AM   #2
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
I've tried the following :


Code:
#!/bin/bash
for x in $(cat test.txt)
do
    #iptables -A INPUT -s $x -j DROP
iptables -A FORWARD  -s $x -m string --string "test.txt" --algo bm --from 1 --to 600  -j DROP
done
and my test.txt file contains:
Code:
yahoo.com
facebook.com
www.google.com
hotmail.com

So far no luck; I appreciate your kind help.


Regards
Net_Spy

Last edited by Net_Spy; 12-07-2015 at 07:36 AM.
 
Old 12-07-2015, 07:31 AM   #3
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
What do you mean by "no luck"?

Aren't the rules created?
Do you get an error message?
 
Old 12-07-2015, 07:33 AM   #4
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by berndbausch View Post
What do you mean by "no luck"?

Aren't the rules created?
Do you get an error message?
By "no luck" I mean that I wanted those packets to be dropped. But when I enter the website facebook.com, it opens that site; as per the rule, it should not be opened.

Regards
Net_Spy
 
Old 12-07-2015, 08:18 AM   #5
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Could be cached in the browser...?
 
Old 12-07-2015, 09:12 AM   #6
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
Quote:
Originally Posted by Net_Spy View Post
By "no luck" I mean that I wanted those packets to be dropped. But when I enter the website facebook.com, it opens that site; as per the rule, it should not be opened.
The FORWARD chain doesn't block packets originating from your computer or destined to your computer. Only such packets that are forwarded by your computer.

Or are you trying to configure a router? In this case, I wonder what's in the FORWARD chain after you run the script.
Also, how do you know that the string "facebook.com" is in packets going to facebook?
 
Old 12-09-2015, 12:06 AM   #7
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by Net_Spy View Post
I've tried the following :


Code:
#!/bin/bash
for x in $(cat test.txt)
do
    #iptables -A INPUT -s $x -j DROP
iptables -A FORWARD  -s $x -m string --string "test.txt" --algo bm --from 1 --to 600  -j DROP
done
and my test.txt file contains:
Code:
yahoo.com
facebook.com
www.google.com
hotmail.com

So far no luck; I appreciate your kind help.


Regards
Net_Spy

Thanks, the issue has been resolved so far with little changes to the iptables rules:


Code:
#!/bin/bash
# Insert one string-match DROP rule per entry in test.txt
for x in $(cat test.txt)
do
    #iptables -A INPUT -s $x -j DROP
    iptables -t mangle -I PREROUTING -m string --string "$x" --algo bm --from 1 --to 600 -j DROP
done
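
The loop from the last post, taken a step further as an added example (not code from the thread): each list entry is validated before it becomes a match string, and the rules go into a dedicated chain so that re-running the script replaces them. The chain name SITEBLOCK and the function names are assumptions; the sample list is constructed.

```shell
#!/bin/bash
# Added example; SITEBLOCK, ipt, valid_domain, load_blocklist are assumed names.
CHAIN=SITEBLOCK

# DRY_RUN=1 (default) prints each iptables call instead of running it, so
# the script can be checked without root. Run with DRY_RUN=0 to apply.
ipt() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Plain hostname only: dot-separated labels of [a-z0-9-] and an alphabetic
# TLD. Rejects globs and bare words such as "com", which as a match string
# would drop far more than one site.
valid_domain() {
    [ "${#1}" -le 253 ] && printf '%s\n' "$1" |
        grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# Read the list on stdin and fill a dedicated chain, so a re-run replaces
# the old rules instead of stacking duplicates in PREROUTING.
load_blocklist() {
    ipt -t mangle -N "$CHAIN" 2>/dev/null || ipt -t mangle -F "$CHAIN"
    ipt -t mangle -C PREROUTING -j "$CHAIN" 2>/dev/null ||
        ipt -t mangle -I PREROUTING -j "$CHAIN"
    seen=
    # Strip CRs (CRLF files), lowercase, drop "#" comments; read trims blanks.
    tr -d '\r' | tr 'A-Z' 'a-z' | sed 's/#.*//' |
    while read -r d extra || [ -n "$d" ]; do
        [ -z "$d" ] && continue
        if [ -n "$extra" ] || ! valid_domain "$d"; then
            printf 'skipped: %s %s\n' "$d" "$extra" >&2
            continue
        fi
        case " $seen " in *" $d "*) continue ;; esac   # one rule per domain
        seen="$seen $d"
        ipt -t mangle -A "$CHAIN" -m string --string "$d" \
            --algo bm --from 1 --to 600 -j DROP
    done
}

# Constructed sample list in the format of test.txt from the thread.
load_blocklist <<'EOF'
yahoo.com
facebook.com
Facebook.com   # duplicate once lowercased
www.google.com
*
com
hotmail.com -j ACCEPT
EOF
```

In dry-run mode the fallback `-F` and `-I` calls are not shown, because the printed `-N` and `-C` calls always succeed.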
 
  

