[SATLUG] Blocking with iptables, even if the hostname won't resolve

Jeremy Mann jeremymann at gmail.com
Tue May 11 14:25:11 CDT 2010


On Tue, May 11, 2010 at 2:14 PM, David Salisbury
<david.salisbury at momentumweb.com> wrote:
> But I don't think I can block whole domains with iptables, right?  Like, if
> I block the site below, that will just block THAT site (that IP) and not any
> "under it", isn't that correct?  I so far haven't been able to find a way to
> do it with iptables (block an entire domain), at least.  I'll look at that
> string match a little more closely, but I read some forums that said it
> basically didn't match the string of the domain name, but rather information
> in the headers (which potentially wouldn't include the actual name).  But I
> didn't check that myself so I'll dig a little more.  Thanks for the
> suggestions, guys!

I block full domains all the time with iptables. For example:

iptables -A INPUT -i eth0 -s 200.223.203.0/24 -j DROP



-- 
Jeremy Mann
jeremy at biochem.uthscsa.edu

University of Texas Health Science Center
Bioinformatics Core Facility
http://www.bioinformatics.uthscsa.edu
Phone: (210) 567-2672


More information about the SATLUG mailing list