Unable to block domain (use of IPTABLES)


Pinakin Bhatt

Nov 2, 2011, 2:04:36 AM
to VG...@googlegroups.com
Hi all,

I am facing a problem with IPTABLES. I want to block some domains through IPTABLES. My network scenario is as under.

I am using RHEL5 for firewall and net-sharing purposes.

eth0 = LAN

eth1 = WAN

For internet connection sharing I have used the following command and it is working fine; I am accessing the internet from another Windows machine.

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Now I want to block some domains, e.g. youtube.com, facebook.com, etc., so I have used the following command but it doesn't work.

iptables -A INPUT -i eth1 -p ALL -s youtube.com -j DROP

Please guide me.
 
Regards,
Pinakin

 
 
 

Nirmal Pathak

Nov 2, 2011, 2:37:45 AM
to vg...@googlegroups.com

Check this link: https://bbs.archlinux.org/viewtopic.php?id=114995



Have FuN!
--
Nirmal D Pathak.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
What I want is freedom, not life, nor pleasure, nor good!
FOSS gives that.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pinakin Bhatt

Nov 2, 2011, 2:51:01 AM
to vg...@googlegroups.com
Hi,

Thanks sir, I have used those commands but they don't work.

iptables -A INPUT -s facebook.com -j DROP
iptables -A OUTPUT -d facebook.com -j DROP

I am still accessing facebook.com from another machine.
 
Regards,
Pinakin

--
Please read http://www.catb.org/~esr/faqs/smart-questions.html before posting.
You received this message because you are subscribed to the "Vibrant GNU/Linux User Group".
To stop receiving emails from this group, mail to VGLUG+un...@googlegroups.com
To post to this group, send email to VG...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/VGLUG

Tejas Barot

Nov 2, 2011, 2:54:54 AM
to VGLUG
Hello,

If you apply rules with a domain name, it will not block by name; it will resolve the domain name to an IP at the time the rule is added, and it will block only the IP that was resolved at that time.

For the same, I'll find something and let you know if I get it.

I hope this helps you.
--
Thanks & Regards,
Tejas Barot
Linux Administrator,
Red Hat Certified Engineer,
Linux Blog:- http://www.tejasbarot.com
Open Source :- http://opensource.tejasbarot.com
Planet VGLUG :- http://planet-vglug.tejasbarot.com

"Now-a-days, Life and than after Time is Most Important,
Then why to invest both in WinowsZ and Viruses ???
Invest Valuable Life and Time in Linux, Use Linux and Open Source" - Tejas Barot

Like My Linux quote ? To Read or Submit More Linux Quotes :- http://linux-quotes.tejasbarot.com

Registered Linux User :- https://linuxcounter.net/user/507586.html

Sent on my BlackBerry® from Vodafone


Nishith Vyas

Nov 3, 2011, 1:53:43 AM
to vg...@googlegroups.com
Hello,

The command suggested by you won't work, as I have also tested it on the Red Hat platform. Probably you can use a "squid ACL" with iptables MASQ rules for such a setup. If not, then a silly practical approach is given below.

Use the "host youtube.com" command & get all the IP addresses. Like,

#host youtube.com
youtube.com has address 74.125.236.104
youtube.com has address 74.125.236.107
youtube.com has address 74.125.236.99
youtube.com has address 74.125.236.111
youtube.com has address 74.125.236.108
youtube.com has address 74.125.236.102
youtube.com has address 74.125.236.97
youtube.com has address 74.125.236.96
youtube.com has address 74.125.236.100
youtube.com has address 74.125.236.110
youtube.com has address 74.125.236.106
youtube.com has address 74.125.236.101
youtube.com has address 74.125.236.105
youtube.com has address 74.125.236.109
youtube.com has address 74.125.236.98
youtube.com has address 74.125.236.103

Then block all the IP addresses using the command below.

iptables -A INPUT -i eth1 -p ALL -s < ip address > -j DROP



Regards,
Nishith N.Vyas

--
With Best Regards,

Nishith N.Vyas
RHCSA,RHCE,LCP,LCA
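
The resolve-then-block procedure from the posts above, as an added example that is not part of the original thread: on a gateway that only forwards LAN traffic, packets from client machines traverse the FORWARD chain rather than INPUT or OUTPUT, so the generated rules go there. The helper name gen_forward_rules and the sample host output are constructed; eth0 = LAN and eth1 = WAN follow the first post, and the rules are printed for review, not applied.

```shell
#!/bin/sh
# Added example: turn `host` output into FORWARD-chain DROP rules.
# Rules are only printed so they can be reviewed before being applied.
# gen_forward_rules is a hypothetical helper name, not from the thread.

LAN_IF=eth0   # LAN side, as in the first post
WAN_IF=eth1   # WAN side, as in the first post

gen_forward_rules() {
    # stdin: output of `host <name>` for one or more names.
    # Keep only "has address" (IPv4 A record) lines, skipping aliases,
    # IPv6 and mail-handler lines, then de-duplicate the addresses.
    awk '$2 == "has" && $3 == "address" &&
         $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $4 }' |
    sort -u |
    while read -r ip; do
        echo "iptables -I FORWARD -i $LAN_IF -o $WAN_IF -d $ip -j DROP"
    done
}

# Constructed sample of `host` output (documentation address ranges),
# covering both the bare name and the www name.
SAMPLE_HOST_OUTPUT='www.example.com is an alias for cdn.example.net.
cdn.example.net has address 203.0.113.10
cdn.example.net has address 203.0.113.11
example.com has address 203.0.113.10
example.com has address 198.51.100.7
example.com has IPv6 address 2001:db8::7
example.com mail is handled by 10 mail.example.com.'

printf '%s\n' "$SAMPLE_HOST_OUTPUT" | gen_forward_rules

# Live use on the gateway would feed real lookups in instead:
#   { host youtube.com; host www.youtube.com; } | gen_forward_rules
```

Because a rule only covers the addresses that resolved when it was generated, the output has to be regenerated whenever the site's DNS records change.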

Pinakin Bhatt

Nov 3, 2011, 5:27:33 AM
to vg...@googlegroups.com
Hi,

Thanks Nishith.

I also did some research and I am able to block "youtube.com", but when I use "www.youtube.com" it does not work.

Regards,
Pinakin

Tejas Barot

Nov 3, 2011, 5:30:02 AM
to VGLUG
Hello,

Just a guess: execute the host command with www.

#host www.youtube.com and if you see a few different IPs then block them :)

Hope this helps.
--
Thanks & Regards,
Tejas Barot