Linux - Security (LinuxQuestions.org forum)
How can I block a domain name with iptables?
Example: micr*s0ft.com
I have tried several ways, but still unsuccessfully. o_O
PLEASE HELP ME!!!!
Someone is using a website to attack my network.
I have tried putting these in my rules:
#iptables -A FORWARD -s micr*s0ft.com -j REJECT
#iptables -I INPUT -s micr*s0ft.com -j DROP
#iptables -A FORWARD -i eth0 -p ALL -s micr*s0ft.com -d 0/0 -j REJECT    (eth0 = EXT, the external interface)
#iptables -A FORWARD -p ALL -s micr*s0ft.com -j REJECT
#iptables -A INPUT -s micr*s0ft.com -j REJECT
Wildcards (*) won't work with iptables. Also, using domain names in iptables rules is terribly ineffective. A DNS lookup is done when the rule is executed, and the resulting IP(s) are used in the rule. That means that you'll potentially be lacking tons of IPs, and the ones you do have might become useless anytime. If you describe the attack you are experiencing, perhaps we might offer some better suggestions as to countermeasures you can use.
We can't make any suggestions if we don't know what you need suggestions about. You need to describe (be as verbose as possible) the type of attack before we can suggest any sort of countermeasure. So far, nothing you've posted even hints at what type of attack this is.
You'll have to use IPs, and if you'd like to block all domain names, you can use these; just replace where needed.
iptables -A OUTPUT -p all --destination 127.0.0.1 -j DROP
Find out the IP of a domain name and then find out its whole IP range(s). I don't know if this rule will work exactly for you, but it works for me in custom-rules using arno-iptables-firewall for blocking access to whole IP ranges which [edit] equal domain names [/edit], and it also does NOT gripe about it.
Yes, just change 127.0.0.1 to whatever IP, add a slash and then the netmask range, and restart the firewall.
Example: to block the WHOLE 224.0.0.0 range (IGMP/BROADCAST range), the following rule should suffice:
iptables -A OUTPUT -p all --destination 224.0.0.0/3 -j DROP
Last edited by nowshining; 12-01-2007 at 12:20 PM.
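As an added example (not code from the thread), here is a small POSIX shell script that makes the two points above checkable: iptables matches on addresses, never on names or wildcards (a hostname given to -s/-d is resolved once, when the rule is added, and becomes one rule per address returned), so the script refuses anything that is not an IPv4 address or CIDR range and turns the rest into iptables commands for the chain you name, which you can review before running as root. The resolve_v4 helper, the DROP target and the demo addresses (constructed from the RFC 5737 documentation ranges) are my assumptions, not the thread's.

```shell
#!/bin/sh
# Added example, not from the thread: generate iptables rules from a list of
# IPv4 addresses/CIDRs, refusing hostnames and wildcards that iptables cannot
# match on. Rules are printed, not applied, so they can be reviewed first.

# is_ipv4_cidr ADDR[/PREFIX]: succeed only for a dotted quad (each octet <= 255)
# with an optional /0-32 prefix.
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' ||
        return 1
    octets=$(printf '%s\n' "$1" | cut -d/ -f1 | tr '.' ' ')
    for o in $octets; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# block_rules CHAIN ADDR...: print one "iptables -I CHAIN ... -j DROP" line per
# address. INPUT/FORWARD match the source, OUTPUT matches the destination.
# Any token that is not an IPv4 address/CIDR is reported on stderr and the
# function returns 1 (the valid ones are still printed).
block_rules() {
    chain=$1; shift
    case "$chain" in
        INPUT|FORWARD) dir=-s ;;
        OUTPUT)        dir=-d ;;
        *) echo "unknown chain: $chain" >&2; return 1 ;;
    esac
    status=0
    for a in "$@"; do
        if is_ipv4_cidr "$a"; then
            printf 'iptables -I %s %s %s -j DROP\n' "$chain" "$dir" "$a"
        else
            echo "refusing '$a': iptables matches addresses, not names or wildcards" >&2
            status=1
        fi
    done
    return $status
}

# resolve_v4 NAME: the A records NAME currently resolves to (needs DNS; the
# offline demo below does not call it). This is a point-in-time snapshot, which
# is exactly why a name in an iptables rule goes stale.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Constructed demo input (RFC 5737 documentation addresses).
DEMO_ADDRS="192.0.2.10 198.51.100.0/24"

# Stand-alone demo: print the rules, and show a wildcard being refused.
block_rules FORWARD $DEMO_ADDRS
block_rules FORWARD 'micr*s0ft.com' || echo "(as expected, the wildcard was refused)"
```

To apply generated rules as root after reviewing them: `block_rules FORWARD $(resolve_v4 example.com) | sh`. The snapshot from resolve_v4 has to be regenerated whenever the name's addresses change, which is the limitation the replies above describe; for filtering web access by domain a proxy is the right layer.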
nowshining, let's wait for an explanation about what the OP is trying to achieve before making these types of suggestions. Also, as has been said, iptables is simply not the right tool for filtering WWW access to specific domains. Ideally you'd want to use a proxy server. Having said that, the OP mentioned that his network was under attack, which makes it sound like this might not even be a WWW access issue at all. We need clarification in order to understand what is going on here; we can't just assume things. He hasn't logged on since posting his last message; give him some time.
It was just some info that I wanted to share, because it seemed relevant to what I was trying to do yesterday in my time zone.
Edit:
Adding: they could also change OUTPUT to INPUT for incoming connections...
Last edited by nowshining; 12-01-2007 at 03:00 PM.