0

I have 3 IP ranges on my network. I blocked Facebook access with the command line:

iptables -I FORWARD -m string --algo bm --string "facebook.com" -j DROP

I would like to make an exception for the network range "192.168.0.x".

How can I do that?

Thanks in advance!

Albert E. Souza

1 Answer

1

You can simply negate the source IP address using the ! mark.

iptables -I FORWARD ! -s 192.168.0.0/24 -m string --algo bm --string "facebook.com" -j DROP

Daniel t.
  • Check all your forward rules; make sure you don't have another forward rule which blocks all. Or flush all the rules and then add the rule I posted. – Daniel t. Mar 13 '13 at 19:59
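
Added example, not part of the original answer or comment: one way to do the check the comment recommends, by auditing the output of `iptables -S FORWARD` for rules that would still block the exempted range. The function name `audit_forward` and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S FORWARD` output read from stdin (read-only).
# Live use (as root): iptables -S FORWARD | audit_forward 192.168.0.0/24 facebook.com
# Simplification: every matching DROP/REJECT is flagged; earlier ACCEPT rules are
# not modelled, and the match string must not contain spaces.
audit_forward() {
    awk -v exempt="$1" -v pat="$2" '
        $1 != "-A" { next }                      # skip chain policy (-P) lines
        {
            rule++
            target = ""; src = ""; neg = 0; str = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-s") { src = $(i + 1); neg = ($(i - 1) == "!") }
                if ($i == "--string") { str = $(i + 1); gsub(/"/, "", str) }
            }
            if (target != "DROP" && target != "REJECT") next
            if (str == pat) {
                if (neg && src == exempt) {
                    print "OK rule " rule ": " pat " dropped except from " exempt
                    ok = 1
                } else {                         # e.g. the original rule left in place
                    print "CONFLICT rule " rule ": " pat " dropped with no exception for " exempt
                    bad = 1
                }
            } else if ($3 == "-j") {             # no match criteria: blocks everything
                print "CONFLICT rule " rule ": unconditional " target
                bad = 1
            }
        }
        END {
            if (!ok) { print "MISSING: no rule exempting " exempt; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample listings (not from a real host).
sample_fixed='-P FORWARD ACCEPT
-A FORWARD ! -s 192.168.0.0/24 -m string --string "facebook.com" --algo bm --to 65535 -j DROP'
sample_stale="$sample_fixed"'
-A FORWARD -m string --string "facebook.com" --algo bm --to 65535 -j DROP
-A FORWARD -j DROP'

printf '%s\n' "$sample_stale" | audit_forward 192.168.0.0/24 facebook.com ||
    echo "FORWARD chain still blocks the exempt range"
```

The second sample models the case where the rule from the question was never deleted: the negated rule is present, but the older rule below it still drops traffic from 192.168.0.0/24.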