Thread: help with iptables

  1. #1
    Join Date
    Oct 2007
    Beans
    139

    help with iptables

    I'm looking to block traffic from an IP to Facebook.

    Was thinking this
    iptables -A OUTPUT -s 192.168.0.27 -p tcp -d facebook.com -j DROP

    Didn't work, can anyone help?

  2. #2
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    2,105
    Distro
    Ubuntu Development Release

    Re: help with iptables

    One problem is that facebook uses many servers and IP addresses and it is not clear (at least to me) which IP address will end up being used if one tries to access www.facebook.com. For an iptables solution, you might need to drop packets destined for any facebook owned IP address.
    I also think your rules would have to be added to the FORWARD chain, not the OUTPUT chain.
    Perhaps something like this (where I am trying to block 192.168.111.100 from accessing facebook):
    Code:
    $IPTABLES -A FORWARD -i $INTIF -s 192.168.111.100 -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 -j DROP
    $IPTABLES -A FORWARD -i $INTIF -s 192.168.111.100 -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 -j DROP
    $IPTABLES -A FORWARD -i $INTIF -s 192.168.111.100 -p tcp -m iprange --dst-range 69.171.224.0-69.171.255.255 -j DROP
    $IPTABLES -A FORWARD -i $INTIF -s 192.168.111.100 -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 -j DROP
    which gave this when an attempt was tried:
    Code:
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
        pkts      bytes target     prot opt in     out     source               destination
           0        0 DROP       tcp  --  eth0   *       192.168.111.100      0.0.0.0/0           destination IP range 66.220.144.0-66.220.159.255
           0        0 DROP       tcp  --  eth0   *       192.168.111.100      0.0.0.0/0           destination IP range 69.63.176.0-69.63.191.255
          10      512 DROP       tcp  --  eth0   *       192.168.111.100      0.0.0.0/0           destination IP range 69.171.224.0-69.171.255.255
           0        0 DROP       tcp  --  eth0   *       192.168.111.100      0.0.0.0/0           destination IP range 204.15.20.0-204.15.23.255
    Note: I have no clue if I got all of facebook IP addresses or not.
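
An added example, not part of the thread: a dry-run script that prints the FORWARD rules from the range list in post #2 and checks whether a given destination address falls inside that list, which is where incomplete coverage would show up. The ranges, source address and eth0 are the values shown in the post; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the thread). Ranges, SRC and INTIF are the values
# shown in post #2; function names are made up for this sketch.
RANGES="66.220.144.0-66.220.159.255
69.63.176.0-69.63.191.255
69.171.224.0-69.171.255.255
204.15.20.0-204.15.23.255"
SRC="192.168.111.100"   # LAN client to block
INTIF="eth0"            # LAN-facing interface, as in the rule listing

# ip2int A.B.C.D: print the address as an integer; return 1 if malformed.
ip2int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_ranges IP: 0 if IP is inside a listed range, 1 if not, 2 if malformed.
in_ranges() {
    addr=$(ip2int "$1") || return 2
    for r in $RANGES; do
        lo=$(ip2int "${r%-*}") && hi=$(ip2int "${r#*-}") || return 2
        [ "$addr" -ge "$lo" ] && [ "$addr" -le "$hi" ] && return 0
    done
    return 1
}

# emit_rules: print one FORWARD DROP rule per range (dry run, nothing applied).
emit_rules() {
    for r in $RANGES; do
        lo=$(ip2int "${r%-*}") && hi=$(ip2int "${r#*-}") && [ "$lo" -le "$hi" ] || {
            echo "bad range: $r" >&2; return 1; }
        echo "iptables -A FORWARD -i $INTIF -s $SRC -p tcp -m iprange --dst-range $r -j DROP"
    done
}

emit_rules
# Arguments are destination addresses to check, e.g. what the name resolves to now.
for ip in "$@"; do
    in_ranges "$ip"; rc=$?
    case $rc in 0) echo "$ip covered" ;; 1) echo "$ip NOT covered" ;; *) echo "$ip malformed" ;; esac
done
```

Pass destination addresses as arguments to see which ones the list misses; any address reported as not covered would still be forwarded.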

  3. #3
    Join Date
    Jul 2012
    Location
    /home/
    Beans
    196
    Distro
    Lubuntu 12.04 Precise Pangolin

    Re: help with iptables

    Did you read the how-to's? Here's a page with almost the same info. And another one. Hope this will help you.
