From: - on 4 Feb 2005 04:44

How do I block traffic to a specific hostname?
For example www.hotmail.com

host www.hotmail.com
www.hotmail.com is an alias for www.hotmail.com.nsatc.net.
www.hotmail.com.nsatc.net has address 166.63.208.155
www.hotmail.com.nsatc.net has address 207.68.172.241
www.hotmail.com.nsatc.net has address 208.173.208.152

Now I insert all the separate IP addresses so traffic to
www.hotmail.com is blocked.

However, when the IP addresses change, people can go to www.hotmail.com
again, without notice.

Can this be done with iptables or perhaps some other way?

Kind Regards

From: amputee on 4 Feb 2005 17:40

- wrote:
> How do I block traffic to a specific hostname?
> For example www.hotmail.com
>
> host www.hotmail.com
> www.hotmail.com is an alias for www.hotmail.com.nsatc.net.
> www.hotmail.com.nsatc.net has address 166.63.208.155
> www.hotmail.com.nsatc.net has address 207.68.172.241
> www.hotmail.com.nsatc.net has address 208.173.208.152
>
> Now I insert all the separate IP addresses so traffic to
> www.hotmail.com is blocked.
>
> However, when the IP addresses change, people can go to www.hotmail.com
> again, without notice.
>
> Can this be done with iptables or perhaps some other way?
>
> Kind Regards

I would set up squid - http://www.squid-cache.org and configure your
client computers to use it. Then you can easily control access to
anything. For example, to deny access to hotmail.com:

    acl nohotmail1 dstdomain .hotmail.com
    http_access deny nohotmail1
    acl nohotmail2 dstdomain .hotmail.com.nsatc.net
    http_access deny nohotmail2

There may be a way to do it using iptables, but this just seems easier.

From: Mike on 4 Feb 2005 12:02

- wrote:
> How do I block traffic to a specific hostname?
> For example www.hotmail.com
>
> host www.hotmail.com
> www.hotmail.com is an alias for www.hotmail.com.nsatc.net.
> www.hotmail.com.nsatc.net has address 166.63.208.155
> www.hotmail.com.nsatc.net has address 207.68.172.241
> www.hotmail.com.nsatc.net has address 208.173.208.152
>
> Now I insert all the separate IP addresses so traffic to
> www.hotmail.com is blocked.
>
> However, when the IP addresses change, people can go to www.hotmail.com
> again, without notice.
>
> Can this be done with iptables or perhaps some other way?
>
> Kind Regards

The web is a wonderful resource often overlooked:-

http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html#ss7.3

Excerpt:-

Specifying Source and Destination IP Addresses

Source (`-s', `--source' or `--src') and destination (`-d',
`--destination' or `--dst') IP addresses can be specified in four ways.
The most common way is to use the full name, such as `localhost' or
`www.linuxhq.com'. The second way is to specify the IP address such as
`127.0.0.1'.

--
------------------------------------
Real email to mike. The header email is a spam trap and you will be
blacklisted, submitted to anti-spam sites and probably burn in hell.

From: Moe Trin on 4 Feb 2005 20:56

In article <8ab0e2d9.0502040144.4418327c(a)posting.google.com>,
mapsit(a)hotmail.com wrote:

>How do I block traffic to a specific hostname?

Have you tried a rule specifying the hostname, rather than the IP? That
worked with IPCHAINS though it wasn't very efficient.

>host www.hotmail.com

Yeah, it's a CNAME which translates to a lot of different IPs.

>Now I insert all the separate IP addresses so traffic to
>www.hotmail.com is blocked.

A better solution is to run your own DNS server, and make it return an
NXDOMAIN answer or have it return a specific IP like 1.2.3.4 and then
reject that on the firewall. Of course, if they are smart, they can tell
their own resolver to try other name servers, so you'd want to block (or
redirect) DNS queries as well.

>Can this be done with iptables or perhaps some other way?

Have you also looked at using a proxy server, and blocking unwanted
sites there?

I notice you also posted this separately to comp.os.linux.security,
though it's not really on topic there, and comp.os.linux.networking.
Please don't multipost. If you feel that it's really appropriate to more
than one news group, use 'Cross-posting' (where you list ALL of the
newsgroups, comma separated, in one article's newsgroup header). Also be
sure to include a 'Followups-to:' header pointing to ONE group where you
can see all the replies.

Old guy
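
Added example, not part of any post in this thread: iptables resolves a hostname given to `-d` once, when the rule is added, so the rules go stale as soon as the DNS answers change. This sketch rebuilds a dedicated chain from fresh `host` output on each run; the chain name BLOCKHOST and the cron usage are assumptions, and the sample data is the lookup quoted in the original question.

```shell
#!/bin/sh
# Added example: regenerate the block rules for one hostname from current DNS.
# CHAIN is a hypothetical user-defined chain that OUTPUT/FORWARD jump to.
CHAIN="BLOCKHOST"

# Read `host` output on stdin, print the IPv4 addresses it lists.
# DNS answers are untrusted input that ends up in a root shell, so anything
# that is not shaped like a dotted quad is dropped before it reaches iptables.
parse_addrs() {
    awk '/ has address / { print $NF }' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
    sort -u
}

# Read addresses on stdin, print the commands that rebuild the chain.
# An empty list returns 1 and prints nothing, so a failed lookup does not
# flush the rules that are already blocking the site.
build_rules() {
    addrs=$(cat)
    if [ -z "$addrs" ]; then
        echo "no addresses resolved; keeping existing rules" >&2
        return 1
    fi
    echo "iptables -N $CHAIN 2>/dev/null || true"
    echo "iptables -F $CHAIN"
    for ip in $addrs; do
        echo "iptables -A $CHAIN -d $ip -j REJECT"
    done
}

# Sample input: the `host` output quoted in the question above.
SAMPLE='www.hotmail.com is an alias for www.hotmail.com.nsatc.net.
www.hotmail.com.nsatc.net has address 166.63.208.155
www.hotmail.com.nsatc.net has address 207.68.172.241
www.hotmail.com.nsatc.net has address 208.173.208.152'

# Dry run: show what would be applied for the sample.
printf '%s\n' "$SAMPLE" | parse_addrs | build_rules

# Live use (root, e.g. from cron; assumed setup, not from the thread):
#   host www.hotmail.com | parse_addrs | build_rules | sh
```

Addresses handed out between two runs are not blocked until the next refresh, which is why the replies above suggest a proxy or a local DNS server for name-based blocking.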