I want to block all HTTP websites except www.sina.com.cn.
Code:
dig www.sina.com.cn
www.sina.com.cn. 3416 IN CNAME jupiter.sina.com.cn.
jupiter.sina.com.cn. 30 IN A 183.232.24.117
jupiter.sina.com.cn. 30 IN A 183.232.24.115
jupiter.sina.com.cn. 30 IN A 183.232.24.116
jupiter.sina.com.cn. 30 IN A 183.232.24.112
jupiter.sina.com.cn. 30 IN A 183.232.24.114
jupiter.sina.com.cn. 30 IN A 183.232.24.113
jupiter.sina.com.cn. 30 IN A 183.232.24.111
Here is my iptables rule configuration to block all other websites except www.sina.com.cn:
Code:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 183.232.24.117 anywhere tcp spt:http
ACCEPT tcp -- 183.232.24.116 anywhere tcp spt:http
ACCEPT tcp -- 183.232.24.115 anywhere tcp spt:http
ACCEPT tcp -- 183.232.24.114 anywhere tcp spt:http
ACCEPT tcp -- 183.232.24.113 anywhere tcp spt:http
ACCEPT tcp -- 183.232.24.112 anywhere tcp spt:http
ACCEPT tcp -- 183.232.24.111 anywhere tcp spt:http
DROP tcp -- anywhere anywhere tcp spt:http
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere 183.232.24.117 tcp dpt:http
ACCEPT tcp -- anywhere 183.232.24.116 tcp dpt:http
ACCEPT tcp -- anywhere 183.232.24.115 tcp dpt:http
ACCEPT tcp -- anywhere 183.232.24.114 tcp dpt:http
ACCEPT tcp -- anywhere 183.232.24.113 tcp dpt:http
ACCEPT tcp -- anywhere 183.232.24.112 tcp dpt:http
ACCEPT tcp -- anywhere 183.232.24.111 tcp dpt:http
DROP tcp -- anywhere anywhere tcp dpt:http
Code:
iptables-save > /etc/iptables/rules.v4
Now to test it, I entered www.sina.com.cn in Firefox.
I found that opening the website www.sina.com.cn slowed down; it is very, very slow.
Usually it takes 1 second to open the website www.sina.com.cn; now it takes almost 1 minute to open. Why, and how can I fix it?
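Added example, not part of the original post: a shell script that derives the rule layout listed above from the quoted `dig` answer and checks a later answer for addresses the allowlist lacks, which is relevant because the A records carry a 30-second TTL. The function names and the `LATER_ANSWER` sample are assumptions made for this example; the functions only print text and never touch the firewall.

```shell
#!/bin/sh
# Added example: functions only print text; nothing here changes the firewall.

# Answer section quoted in the post above.
DIG_ANSWER='www.sina.com.cn. 3416 IN CNAME jupiter.sina.com.cn.
jupiter.sina.com.cn. 30 IN A 183.232.24.117
jupiter.sina.com.cn. 30 IN A 183.232.24.115
jupiter.sina.com.cn. 30 IN A 183.232.24.116
jupiter.sina.com.cn. 30 IN A 183.232.24.112
jupiter.sina.com.cn. 30 IN A 183.232.24.114
jupiter.sina.com.cn. 30 IN A 183.232.24.113
jupiter.sina.com.cn. 30 IN A 183.232.24.111'

# Constructed later answer (192.0.2.10 is a documentation address, not real data).
LATER_ANSWER='jupiter.sina.com.cn. 30 IN A 183.232.24.117
jupiter.sina.com.cn. 30 IN A 192.0.2.10'

# Unique IPv4 addresses from the A records; CNAME lines are skipped.
a_records() {
    printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $5 }' | sort -u
}

# Smallest TTL among the A records: how long a resolver may cache them.
min_ttl() {
    printf '%s\n' "$1" |
        awk '$4 == "A" { t = $2 + 0; if (!n++ || t < m) m = t } END { if (n) print m }'
}

# iptables commands reproducing the rule layout listed in the post.
allowlist_rules() {
    for ip in $(a_records "$1"); do
        echo "iptables -A OUTPUT -p tcp -d $ip --dport 80 -j ACCEPT"
        echo "iptables -A INPUT -p tcp -s $ip --sport 80 -j ACCEPT"
    done
    echo "iptables -A OUTPUT -p tcp --dport 80 -j DROP"
    echo "iptables -A INPUT -p tcp --sport 80 -j DROP"
}

# Addresses in a newer answer ($2) that the allowlist built from $1 lacks.
unlisted() {
    allowed=$(a_records "$1")
    for ip in $(a_records "$2"); do
        printf '%s\n' "$allowed" | grep -qxF "$ip" || echo "$ip"
    done
}

allowlist_rules "$DIG_ANSWER"
echo "A-record TTL: $(min_ttl "$DIG_ANSWER") s"
echo "Not in allowlist: $(unlisted "$DIG_ANSWER" "$LATER_ANSWER")"
```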