Iptables rules to access a specific domain

- A
- Alain Chagnon
  
  Contact options for registered users
posted
17 years ago

Thu, Oct 26, 2006 1:20 AM

Hi,

I use iptables to block certain worstations on a network from accessing the Internet. I want these workstations to access a specific domain like

formatting link

which web site is composed of multiple web servers from many different ip adresses. Is there a way to do this ?

Exemple:

formatting link

=67.99.11.11 wich have pictures from

formatting link

at 66.77.88.99 wich may change anytime

Thanks

Alain Chagnon

- S
- Sebastian Gottschalk
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Thu, Oct 26, 2006 1:33 AM

No. Iptables resolves DNS names when being fed with the rules and doesn't update them.

What you want is an application layer firewall, f.e. a HTTP Proxy

- H
- Helge Olav Helgesen
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Thu, Oct 26, 2006 1:16 PM

Hello Alain,

You have to get all IP addresses and put them in iptables. iptables resolves host names at "compile" time.

Dig is your friend to find out what IP addresses to add;

dig

formatting link

3600 IN CNAME toggle.www.ms.akadns.net. toggle.www.ms.akadns.net. 300 IN CNAME g.www.ms.akadns.net. g.www.ms.akadns.net. 300 IN CNAME lb1.www.ms.akadns.net. lb1.www.ms.akadns.net. 300 IN A 207.46.225.60 lb1.www.ms.akadns.net. 300 IN A 207.46.18.30 lb1.www.ms.akadns.net. 300 IN A 207.46.19.30 lb1.www.ms.akadns.net. 300 IN A 207.46.19.60 lb1.www.ms.akadns.net. 300 IN A 207.46.20.30 lb1.www.ms.akadns.net. 300 IN A 207.46.198.30 lb1.www.ms.akadns.net. 300 IN A 207.46.198.60 lb1.www.ms.akadns.net. 300 IN A 207.46.199.30