How to block any website from IPTABLES


Post by zAm »

Hello,
Can anybody tell me how to block a particular website with the help of iptables? Squid rules can easily be broken by using any proxy in IE, but firewall rules won't be easily broken, almost impossible ... so is there any way to block a website from iptables?
I've tried

Code:

/sbin/iptables -I INPUT -p all -s 0/0 -d 208.64.26.66/0 --dport 0/0 -j DROP
but it's not blocking the website.
Is there any other way to block the website through iptables?
Regards,
zAm (Lyarianz Internet Cable Network)
Proud To Be Lyarianz !

Re: How to block any website from IPTABLES

Post by syedali999 »

I don't think that INPUT chains can block the traffic,
because you are using a proxy, and at the INPUT chain level all destinations are your cache server, for instance 192.168.0.1.
It should be blocked in the OUTPUT chain.

Second, just drop the destination without defining the source IP and the source/destination ports. It should work.
Thanks,
Regards


S. Asad Ali Rizvi
===================
Nomado Telecom
http://www.nomado.eu
alex[NoSpam]@nomado.eu
====================
LPI ID: LPI000102069
My blogs:
http://crea8ivefood.blogspot.com
http://actuarialsciencestudies.blogspot.com

still access the websites

Post by zAm »

Hello,
Mr. Syed, well, I've tried the OUTPUT rule too, but the website I blocked can still be accessed. Here's my code.

Code:

/sbin/iptables -I INPUT -d 208.64.26.66 -j DROP
/sbin/iptables -I OUTPUT -d 208.64.26.66 -j DROP
/sbin/IPTABLES -A FORWARD -d 208.64.26.66 -j DROP
I tried the 3 policies one by one, as OUTPUT, INPUT, FORWARD.
What could be the reason? Why aren't the websites getting blocked? For your information, I wanted to make clear that I'm using a transparent proxy by redirecting port 80 to the Squid port, and I've applied the block-website rule before the transparent rule. Where should I put that code? Or may I send you my firewall configuration file, if you have a bit of time to check it out? Thanks
Regards,
zAm (Lyarianz Internet Cable Network)
Proud To Be Lyarianz !
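
A simplified model of the packet path discussed in this thread, added here as an illustration (it is not code from any poster): it follows one client request through a box whose PREROUTING rule redirects port 80 to a local Squid, and reports which chain, if any, ever sees 208.64.26.66 as the destination. The Squid port 3128, the ACCEPT default policy and the single ordered PREROUTING list are assumptions of the model.

```python
from dataclasses import dataclass, replace

PROXY_IP, SQUID_PORT = "192.168.0.1", 3128  # assumed: cache address from the thread, Squid default port
BLOCKED = "208.64.26.66"                    # address used in the thread's rules

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int

def walk(chain, pkt):
    """Apply an ordered rule list; the first matching rule ends the chain."""
    for match, target in chain:
        if match(pkt):
            if target == "REDIRECT":        # rewrite destination to the local proxy
                pkt = replace(pkt, dst=PROXY_IP, dport=SQUID_PORT)
            return target, pkt
    return "ACCEPT", pkt                    # default policy assumed ACCEPT

REDIRECT = (lambda p: p.dport == 80, "REDIRECT")  # the transparent-proxy rule
DROP = (lambda p: p.dst == BLOCKED, "DROP")       # "-d 208.64.26.66 -j DROP"

def dropped_in(prerouting=(), inp=(), forward=(), output=()):
    """Send one client request for BLOCKED:80 through the box.
    Returns the chain that dropped it, or None if the request got out."""
    verdict, pkt = walk(prerouting, Packet(BLOCKED, 80))
    if verdict == "DROP":
        return "PREROUTING"
    if pkt.dst != PROXY_IP:                 # not redirected: routed through the box
        return "FORWARD" if walk(forward, pkt)[0] == "DROP" else None
    if walk(inp, pkt)[0] == "DROP":         # redirected: delivered locally to Squid
        return "INPUT"
    # Cache miss assumed: Squid opens its own connection to the origin server.
    return "OUTPUT" if walk(output, Packet(BLOCKED, 80))[0] == "DROP" else None

def scenarios():
    return {
        "INPUT rule": dropped_in(prerouting=[REDIRECT], inp=[DROP]),
        "FORWARD rule": dropped_in(prerouting=[REDIRECT], forward=[DROP]),
        "OUTPUT rule": dropped_in(prerouting=[REDIRECT], output=[DROP]),
        "PREROUTING, before REDIRECT": dropped_in(prerouting=[DROP, REDIRECT]),
        "PREROUTING, after REDIRECT": dropped_in(prerouting=[REDIRECT, DROP]),
        "FORWARD rule, no proxy": dropped_in(forward=[DROP]),
    }

if __name__ == "__main__":
    for name, chain in scenarios().items():
        print(f"{name:30} -> {chain or 'not blocked'}")
```

The OUTPUT case assumes a cache miss: an object that Squid serves from its cache generates no outbound connection for an OUTPUT rule to match.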

Re: still access the websites

Post by syedali999 »

Do send me your firewall...
Thanks,
Regards



How to block any website from IPTABLES

Post by AsadRasheed »

Dear zAm,

Blocking sites through iptables is not good practice, so try to avoid it.

Check this also:

http://www.linuxpakistan.net/forum2x/vi ... e+iptables

Regards,
M Asad Rasheed
registered linux user #394856
http://www.bsdpakistan.org

here's my firewall configuration

Post by zAm »

Hello,
S. Ali Rizvi, here's my firewall configuration file, please check it out.
http://www.lyarianz.ukonline.co.uk/firewall.txt
Dear AsadRasheed,
"Blocking site through iptables is not good practice, so try to avoid it."
I know, but I just wanted to know how to do it, and why I am not able to do it as it could be done. Thanks
Regards,
zAm (Lyarianz Internet Cable Network)

Post by kbukhari »

Hey zAm,
I can block it through iptables, but for this you have to use patch-o-matic
or
iptables -t nat -A PREROUTING -p tcp -d www.xyz.com --dport 80 -j DROP
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

the same ............

Post by zAm »

Hello,
Mr. Kashif, well, I've used your code too, but the same problem exists. It isn't blocked yet. I used this:

Code:

/sbin/iptables -t nat -A PREROUTING -p all -d www.sooperstudio.com --dport 80 -j DROP
I've tried this code before and after the TRANSPARENT rule, but it isn't working :( What could be the problem? Please check out my firewall configuration; there might be a problem there.

http://www.lyarianz.ukonline.co.uk/firewall.txt
Regards,
zAm (Lyarianz Internet Cable Network)

Post by AsadRasheed »

Dear zAm,

Put the IP instead of the domain, maybe this can help.

Regards,
M Asad Rasheed

IP doesn't work either!

Post by zAm »

Hello,
Asad, no, it doesn't work either.