On Fri, Oct 23, 2009 at 01:13:01PM -0700, Dave Peters wrote:
> Is there any way to use iptables to block a domain name, not an IP address?
>
> Example: to block hotmail.com.
>
> I tried this: iptables -A FORWARD -d hotmail.com -j REJECT, and it won't work.

Right. You need to use a DNS lookup utility (say, dig) to turn domain names
into lists of IPs.

If you're doing a lot of this, you may want to create new chains per service
to maintain performance, i.e.

  iptables -N ssh
  iptables -N smtp
  iptables -N web
  iptables -A FORWARD -p tcp --dport 22 -j ssh
  iptables -A FORWARD -p tcp --dport 25 -j smtp
  iptables -A FORWARD -p tcp --dport 587 -j smtp
  iptables -A FORWARD -p tcp --dport 80 -j web
  iptables -A FORWARD -p tcp --dport 443 -j web

as a presort, then do the more complex manipulations in those chains.

-dsr-

--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.
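As an added example (not code from the reply above or from the BLU list), here is the procedure the reply describes carried through as a script: resolve each domain with dig, then emit REJECT rules for the resulting IPv4 addresses inside one of the per-service chains from the presort. The chain names ssh/smtp/web and the port-to-chain mapping are taken from the post; the function names, the `-m comment` tag recording which domain produced each rule, and the stub resolver with its 192.0.2.x (TEST-NET-1) addresses are my own assumptions so the script runs offline. It prints the iptables commands rather than applying them, so the output can be reviewed and then piped into sh.

```shell
#!/bin/sh
# Added example, not the original poster's code.  Turns domain names into
# per-service iptables REJECT rules, as the reply suggests: dig resolves the
# names, the rules land in a chain that FORWARD presorts traffic into.
# Assumed (not from the post): function names below, the comment match, and
# the stub resolver's constructed TEST-NET-1 addresses.  Nothing is applied;
# commands are printed so they can be reviewed, e.g.  ./gen.sh | sh

# Resolve one name to its IPv4 A records, one per line.  "dig +short" also
# prints CNAME targets, so keep only dotted-quad lines.  Needs dig(1).
resolve_a() {
    dig +short A "$1" 2>/dev/null | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Constructed stand-in for resolve_a so the script runs with no network.
# Addresses are from 192.0.2.0/24 (TEST-NET-1), not real hotmail.com records.
stub_resolver() {
    case "$1" in
        hotmail.com) printf '192.0.2.10\n192.0.2.11\n' ;;
        live.com)    printf '192.0.2.11\n192.0.2.20\n' ;;
    esac
}

# One-time presort from the post: create the service chains and jump to them
# from FORWARD by destination port.  Run once (e.g. at boot); running it again
# would append duplicate FORWARD jumps.  A packet that matches nothing in a
# user chain RETURNs to FORWARD, so later FORWARD rules still apply.
gen_presort() {
    for c in ssh smtp web; do
        echo "iptables -N $c"
    done
    echo "iptables -A FORWARD -p tcp --dport 22 -j ssh"
    echo "iptables -A FORWARD -p tcp --dport 25 -j smtp"
    echo "iptables -A FORWARD -p tcp --dport 587 -j smtp"
    echo "iptables -A FORWARD -p tcp --dport 80 -j web"
    echo "iptables -A FORWARD -p tcp --dport 443 -j web"
}

# gen_block_rules CHAIN RESOLVER DOMAIN...
#   Flush CHAIN, then print one REJECT rule per unique address that RESOLVER
#   returns for the DOMAINs.  RESOLVER is a function name (resolve_a for real
#   lookups, stub_resolver for testing), so the generator itself needs no
#   network.  Flushing first makes a cron re-run idempotent for that chain.
#   The comment match records which domain produced each rule.
gen_block_rules() {
    chain="$1"; resolver="$2"; shift 2
    echo "iptables -F $chain"
    for name in "$@"; do
        "$resolver" "$name" | while read -r ip; do
            printf '%s\t%s\n' "$ip" "$name"
        done
    done | sort -u -k1,1 | while read -r ip name; do
        echo "iptables -A $chain -d $ip -m comment --comment \"$name\" -j REJECT"
    done
}

# Demo with the constructed stub.  For real lookups swap in resolve_a:
#   gen_presort; gen_block_rules web resolve_a hotmail.com
gen_presort
gen_block_rules web stub_resolver hotmail.com live.com
```

Two caveats a practitioner should keep in mind with this approach. First, a dig answer is a snapshot: large sites answer with a rotating subset of their addresses and change them over time, so the block list is only as current as the last run, and the rule generator belongs in cron. Second, the rules match addresses, not names: anything else hosted on the same address is blocked too, while the site's other addresses, and its AAAA records (which would need ip6tables), are not. For lists beyond a few hundred addresses, an ipset referenced from one rule is cheaper than a long chain of per-address rules.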