I have a Linux server I'm using as a router for my internal network. I need to block all the websites except one or two using iptables.
How can I set this up?
Here it is:
```sh
# Allow all loopback traffic (inserted at position 1 so it is matched first)
iptables -I INPUT 1 -i lo -j ACCEPT
# Allow outbound DNS queries so the allowed hostname can be resolved
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
# Allow outbound HTTP to the one permitted site (-d resolves the name when the rule is added)
iptables -A OUTPUT -p tcp -d somewebsite.com --dport 80 -j ACCEPT
# Let replies to the connections permitted above come back in
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Default policies: drop everything not explicitly accepted above
iptables -P INPUT DROP
iptables -P OUTPUT DROP
```
This will permit DNS and access to the specified domain. If you want to get rid of the DNS entry (--dport 53) all you have to do is add an entry for the site to your /etc/hosts file. I almost gave up on this till I saw conntrack in the comments.
To permit additional sites, just duplicate the site line and adjust accordingly. Keep them all above the DROPs.
You may also find one of my previous iptables-related answers useful in your work: "need iptables rule to accept all incoming traffic".
Enjoy
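The rules in the answer above are written for the INPUT and OUTPUT chains, which govern packets addressed to or sent by the router itself; traffic that the router forwards on behalf of LAN clients passes through the FORWARD chain instead. The script below is an added example (not the answer's own code) that builds the same allow-list idea for the forwarding case: conntrack for replies, DNS, the allowed hosts on 80 and 443, a rate-limited LOG of what is dropped so blocked attempts show up in the kernel log, and a DROP policy. The interface name `eth1` and the host names are placeholders; `DRY_RUN=1` (the default) prints the commands instead of running them, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example: allow-list forwarding rules for a Linux router.
# Assumptions: LAN clients arrive on $LAN_IF (placeholder eth1); hostnames are
# placeholders. With DRY_RUN=1 the commands are printed rather than executed.

LAN_IF="${LAN_IF:-eth1}"   # assumed LAN-facing interface (placeholder)
DRY_RUN="${DRY_RUN:-1}"    # 1 = print commands, 0 = execute them (needs root)

# run CMD...: execute or echo a command depending on DRY_RUN
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# allowlist_rules HOST [HOST...]
# Emit FORWARD-chain rules letting LAN clients reach only the named hosts
# (HTTP/HTTPS) plus DNS; everything else they try to reach is logged and dropped.
allowlist_rules() {
    # Start from an empty FORWARD chain so reruns are idempotent
    run iptables -F FORWARD
    # Replies and related packets first: most packets hit this rule
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # DNS (UDP and TCP) so clients can resolve the allowed names
    run iptables -A FORWARD -i "$LAN_IF" -p udp --dport 53 -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -p tcp --dport 53 -j ACCEPT
    for host in "$@"; do
        # -d with a hostname is resolved once, when the rule is added; it is a
        # match on the addresses known at that moment, not a live name match.
        run iptables -A FORWARD -i "$LAN_IF" -p tcp -d "$host" --dport 80 -j ACCEPT
        run iptables -A FORWARD -i "$LAN_IF" -p tcp -d "$host" --dport 443 -j ACCEPT
    done
    # Log a sample of what gets dropped, then drop by policy
    run iptables -A FORWARD -i "$LAN_IF" -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
    run iptables -P FORWARD DROP
}

# count_allow_rules HOST...: number of port-80 ACCEPT rules the ruleset contains
# (one per allowed host); handy for checking the generated set before applying it
count_allow_rules() {
    DRY_RUN=1 allowlist_rules "$@" | grep -c -- '--dport 80 -j ACCEPT'
}

# Usage (review first, then apply):
#   DRY_RUN=1 ./allowlist.sh   # after adding: allowlist_rules somewebsite.com
#   DRY_RUN=0 LAN_IF=eth1 ./allowlist.sh
```

Rule order matters here as it does in the answer: the conntrack ACCEPT sits at the top so that every reply packet is accepted by one cheap match, and the LOG rule is rate-limited so a misconfigured client cannot flood the log.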