0

How to block certain IP address to access certain domain/IP in Linux ?

I have CentOS installed on my server for virtual server purposes. I have a few virtual servers clients each one with his own IP. I need to block their IP to access certain domain.

I know this iptables rules totally blocks access to certain IP but I only need to limit the access only to a few clients, so this one block total access :

iptables -A OUTPUT -d 123.123.123.123 -j DROP

I need one rule that will mention what IP would be blocked from access 123.123.123.123

Blazer
  • 77
  • 2
  • 6
  • 2
    Are you looking also to restrict the *source* address affected? Have you tried `iptables -A OUTPUT -s 10.1.1.0/28 -d 192.168.3.3 -j DROP`? – MadHatter Nov 23 '15 at 07:45
  • I need to block IP 123.123.123 to access 111.111.111.111, actually I need to block some IP from my network to access certain website. – Blazer Nov 23 '15 at 07:53
  • 1
    So specify the required source address/block to be `DROP`ped with `-s`, the required destination address/block with `-d`. Blocking destination domains can't be done reliably in `iptables`, as a very small amount of searching on SF would have told you (eg, [this one](http://serverfault.com/questions/427267/how-to-allow-a-single-domain-name-with-iptables) or [this one](http://serverfault.com/questions/360689/permanently-blocking-a-domain-in-iptables) ). – MadHatter Nov 23 '15 at 08:20
  • If you need to prevent access to some website you can also use some access rule in the webserver configuration. E.g.: for apache 2.2 you can use mod_authz rules: `order allow,deny` and `allow from all` `deny from 123.123.123.123`. Other webserver has similar ways to block ip from accessing a website without having to fiddle with low-level tool. The advantage is that you can prevent access to a single website on a shared host. – SimoneLazzaris Nov 23 '15 at 09:31

1 Answers1

2

Use the -s | --source address parameter to filter on the source address.

iptables -I OUTPUT -s a.b.c.d  -d w.x.y.z -j DROP
user9517
  • 115,471
  • 20
  • 215
  • 297