
I tried to use this command to block a domain, iptables -I INPUT -p tcp -m string --string "Host: domain.com" --algo bm -j REJECT, and it worked, but I want to reject all but accept from specified domains. Is that possible?

Before allowing a certain domain, block all other traffic:

iptables -P INPUT DROP

(this will drop all connections, even the SSH session you might be using, so watch out)

Then, allow the domains you want:

iptables -I INPUT -p tcp -m string --string "Host: domain.com" --algo bm -j ACCEPT
Bart De Vos
  • Thanks for replying, but it didn't work; it dropped all connections and didn't allow the domain ... – seif elsherif Mar 18 '15 at 12:21
  • Note the host lookup will fail if DNS traffic is blocked. Also keep in mind the host lookup is done once when the rule is loaded. See: http://serverfault.com/questions/218707/iptables-rules-to-allow-http-traffic-to-one-domain-only – Brian Mar 18 '15 at 12:28
  • But this command, iptables -I INPUT -p tcp -m string --string "Host: domain.com" --algo bm -j REJECT, is working? – seif elsherif Mar 18 '15 at 12:30
  • That's obviously not going to work, because the string you look for isn't present in every packet throughout the connection. In particular you are going to drop the SYN packets. Moreover, DROP is not the right target. You should be using `-j REJECT --reject-with tcp-reset`. – kasperd Mar 18 '15 at 13:50
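A working version of what the answer sketches, as an added example (not the answerer's code) that builds in the two points raised in the comments: the TCP handshake must be accepted by port alone because the SYN carries no Host header, and a request for a non-allowed host gets a TCP reset instead of a silent DROP. It assumes a plain-HTTP server on port 80, admin access over SSH on port 22, and root with iptables installed; the chain name HTTPHOST, the variables and the APPLY switch are my own conventions. It only inspects cleartext HTTP, so it does nothing useful for HTTPS.

```shell
#!/bin/sh
# Added example, not the answer's own code. Assumes: a plain HTTP server on
# $HTTP_PORT, admin access over SSH on $SSH_PORT, root with iptables installed.
# Set IPT=echo to print the rules instead of loading them.
IPT="${IPT:-iptables}"
SSH_PORT="${SSH_PORT:-22}"
HTTP_PORT="${HTTP_PORT:-80}"

# HTTPHOST chain: RETURN (fall through to the normal rules) for a packet whose
# Host header names an allowed domain, reset any other packet that carries a
# Host header. Packets without one (SYN, bare ACKs) fall off the end unharmed.
host_allowlist_rules() {
    "$IPT" -N HTTPHOST 2>/dev/null || "$IPT" -F HTTPHOST
    for d in "$@"; do
        # Anchor on the CRLF so "domain.com" does not also admit
        # "domain.com.evil.example"; the second rule covers "Host: domain.com:80".
        "$IPT" -A HTTPHOST -m string --icase --algo bm \
            --hex-string "Host: ${d}|0d0a|" -j RETURN
        "$IPT" -A HTTPHOST -m string --icase --algo bm \
            --hex-string "Host: ${d}:${HTTP_PORT}|0d0a|" -j RETURN
    done
    # tcp-reset instead of DROP: the client fails fast instead of hanging.
    "$IPT" -A HTTPHOST -m string --icase --algo bm --string "Host:" \
        -j REJECT --reject-with tcp-reset
}

apply_rules() {
    host_allowlist_rules "$@"
    "$IPT" -A INPUT -i lo -j ACCEPT
    # Check port-80 packets before the ESTABLISHED rule; otherwise the packet
    # carrying the Host header is accepted before it is ever inspected.
    "$IPT" -A INPUT -p tcp --dport "$HTTP_PORT" -j HTTPHOST
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport "$SSH_PORT" --syn -j ACCEPT
    # The SYN carries no Host header, so only a port match can let the
    # handshake complete; the domain is checked on the request packet.
    "$IPT" -A INPUT -p tcp --dport "$HTTP_PORT" --syn -j ACCEPT
    "$IPT" -P INPUT DROP
}

# Only touch the firewall when asked: APPLY=1 sh allowlist.sh domain.com
if [ "${APPLY:-0}" = 1 ]; then apply_rules "$@"; fi
```

Run with IPT=echo first to review the generated rule list before loading it on a host you reach over SSH.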