First we need to find the host's IP addresses:
Code:
$ host www.gmail.com
www.gmail.com is an alias for mail.google.com.
mail.google.com is an alias for googlemail.l.google.com.
googlemail.l.google.com has address 74.125.226.54
googlemail.l.google.com has address 74.125.226.53
googlemail.l.google.com has IPv6 address 2607:f8b0:4006:80e::2005
I'd go ahead and permit the entire 74.125.226.0/24 "subnet" in case Google adds more servers to that range in the future. The rules look like this:
Code:
# Allow HTTPS forwarded to the Google /24 first (rules are appended, so order matters)
/sbin/iptables -A FORWARD -d 74.125.226.0/24 -p tcp --dport 443 -j ACCEPT
# Then reject HTTPS to every other destination
/sbin/iptables -A FORWARD -p tcp --dport 443 -j REJECT
The second rule matches all destinations.
You should avoid using hostnames in iptables rules. Usually the ruleset is loaded before domain name resolution has been set up, so only IP addresses work in that situation.
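As an added example (not part of the post above, and not the poster's own script): one way to keep hostnames out of the ruleset while still tracking what a name currently resolves to is to run `host` at rule-load time, after the network is up, and turn its output into address-based rules. iptables resolves a hostname once, when the rule is submitted, so a rule with a hostname fails outright if DNS is not reachable at that moment; generating the rules from resolver output makes that step explicit. The function names, the `/sbin/iptables` and `/sbin/ip6tables` paths, and the sample resolver output (constructed to mirror the `host` output quoted above) are assumptions of this example. It also covers the IPv6 address the resolver returned, which the original IPv4-only rules do not touch.

```shell
#!/bin/sh
# Added example, not the original poster's code.
# Constructed sample input mirroring the `host www.gmail.com` output quoted above.
# In real use, replace it with the live output of `host www.gmail.com`,
# run after name resolution is available.
SAMPLE_HOST_OUTPUT='www.gmail.com is an alias for mail.google.com.
mail.google.com is an alias for googlemail.l.google.com.
googlemail.l.google.com has address 74.125.226.54
googlemail.l.google.com has address 74.125.226.53
googlemail.l.google.com has IPv6 address 2607:f8b0:4006:80e::2005'

# v4_nets: read `host` output on stdin and print the /24 containing each
# IPv4 address, deduplicated (the poster's "permit the whole subnet" choice).
v4_nets() {
    awk '$(NF-1) == "address" && $NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
             split($NF, o, ".")
             print o[1] "." o[2] "." o[3] ".0/24"
         }' | sort -u
}

# v6_addrs: read `host` output on stdin and print the IPv6 addresses.
# These need ip6tables; an iptables (IPv4) ruleset never sees them.
v6_addrs() {
    awk '$(NF-2) == "IPv6" && $(NF-1) == "address" { print $NF }' | sort -u
}

# build_rules: read `host` output on stdin and print the iptables/ip6tables
# commands to run, ACCEPT rules first and the catch-all REJECT last.
# Nothing is applied here; pipe the output to `sh` as root to apply it.
build_rules() {
    resolved=$(cat)
    printf '%s\n' "$resolved" | v4_nets | while IFS= read -r net; do
        printf '/sbin/iptables -A FORWARD -d %s -p tcp --dport 443 -j ACCEPT\n' "$net"
    done
    printf '%s\n' "$resolved" | v6_addrs | while IFS= read -r addr; do
        printf '/sbin/ip6tables -A FORWARD -d %s -p tcp --dport 443 -j ACCEPT\n' "$addr"
    done
    # -A appends, so these must come after every ACCEPT above.
    printf '/sbin/iptables -A FORWARD -p tcp --dport 443 -j REJECT\n'
    printf '/sbin/ip6tables -A FORWARD -p tcp --dport 443 -j REJECT\n'
}

# Demonstration on the constructed sample: print the generated rules.
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | build_rules
```

Run as a normal user it only prints the four rules; `sh script.sh | sudo sh` would apply them. Because the ACCEPT rules are derived from whatever the resolver returned at that moment, the script should be run from something that starts after the network is up (an `if-up` hook or a unit ordered after network-online), not from the early firewall script that loads before DNS works. The IPv6 rule uses the exact address returned rather than a surrounding prefix; widen it only if you know the provider's allocation.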