firewall and virtualhosting
I am blocking a website at the router using an ACL, but when I browse to it, it isn't blocked. I defined all the IP addresses.
To solve the problem I used DNS. The web server is serving name-based virtual hosting. Is there any way to block it by name using iptables? E.g. iptables -I INPUT -s *.contoso.com -j DROP
Iptables only deals with IPs. You need to use a proxy server to handle hostnames.
Brian1
Brian1,
I beg to differ -- from the iptables man page on my MEPIS 3.3.2 system: "Source specification. Address can be either a network name, a hostname (please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea), a network IP address (with /mask), or a plain IP address."
Ammad, it looks like your rule would work fine, but note the warning in the man page. BTW, which DNS server program are you using?
Correct on the hostname, it can be used in some iptables commands. I always use IP values throughout, because of what Rick mentions about resolving through DNS or other sources.
Brian1
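
Added example, not part of any post in this thread: with name-based virtual hosting several sites share one IP address and the server picks the site from the HTTP Host header, so a hostname block has to be decided where that header is visible, as a filtering proxy does for plain HTTP. The sketch below shows that decision; BLOCKED_SUFFIXES, the function names, the sample requests and the fail-closed choice for a missing or duplicated Host header are all assumptions made for illustration.

```python
# Added example: the per-request hostname decision a filtering proxy makes.
# BLOCKED_SUFFIXES and the sample requests below are constructed, not from the thread.

BLOCKED_SUFFIXES = ("contoso.com",)  # blocks contoso.com and every subdomain


def extract_host(raw_request: bytes):
    """Return the lowercased Host header value without port, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    hosts = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            hosts.append(value.strip().decode("ascii", "replace"))
    if len(hosts) != 1:  # missing or duplicated Host header: ambiguous
        return None
    host = hosts[0].lower()
    if host.startswith("["):  # IPv6 literal such as [::1]:8080
        return host.split("]", 1)[0] + "]"
    if ":" in host:  # strip the port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")  # drop the trailing dot of a fully qualified name


def is_blocked(raw_request: bytes) -> bool:
    """Fail closed: a request without exactly one Host header is blocked."""
    host = extract_host(raw_request)
    if host is None:
        return True
    # Match on a label boundary so notcontoso.com is not caught by contoso.com.
    return any(host == s or host.endswith("." + s) for s in BLOCKED_SUFFIXES)


# Constructed requests; all of them could arrive at the same server IP address.
REQ_BLOCKED = b"GET / HTTP/1.1\r\nHost: www.contoso.com\r\n\r\n"
REQ_ALLOWED = b"GET / HTTP/1.1\r\nHost: www.example.org:8080\r\n\r\n"
REQ_LOOKALIKE = b"GET / HTTP/1.1\r\nHost: notcontoso.com\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_BLOCKED, REQ_ALLOWED, REQ_LOOKALIKE):
        print(extract_host(req), "->", "BLOCK" if is_blocked(req) else "ALLOW")
```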