https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047773#M48538 iptables -A OUTPUT -s YOURLAN -d TARGET_IP_ADDRESS -j DENY<BR /><BR />replacing YOURLAN by something like: 192.168.0.0/24 and TARGET_IP_ADDRESS to another CIDR, or an ip address, like: 1.1.1.1<BR /><BR />That would block outgoing traffic to that site.<BR /><BR />Regards,<BR />Leandro Daniel Costa Fri, 18 May 2007 10:04:23 GMT Leandro Daniel Costa 2007-05-18T10:04:23Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047769#M48534 Hi all,<BR /><BR />I am using firestarter in my LAN environment and i want to block a particular website in my LAN environment.<BR /><BR />is it possible to block IP address? <BR /><BR />How can i block this.<BR /><BR />Thanks in Advance.<BR /><BR />MKS Fri, 18 May 2007 08:51:25 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047769#M48534 monu_1 2007-05-18T08:51:25Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047770#M48535 Take a look at this page<BR /><BR /><A href="http://www.fs-security.com/docs/policy-page.php" target="_blank">http://www.fs-security.com/docs/policy-page.php</A><BR /><BR />Here, it explains how to accomplish what you're trying to do.<BR />You need to block outgoing traffic to that IP address.<BR /><BR />Hope it helps<BR /><BR />Regards,<BR />Leandro Costa Fri, 18 May 2007 09:32:01 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047770#M48535 Leandro Daniel Costa 2007-05-18T09:32:01Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047771#M48536 Yes it's possible. You can do it via firewall or proxy. It depends of how your network connects to Internet.<BR /><BR />If you have a Linux gateway with NAT, you should use iptables to block access.<BR /><BR />If you use a proxy server like squid, you need to configure access lists and rules. Fri, 18 May 2007 09:38:12 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047771#M48536 Ivan Ferreira 2007-05-18T09:38:12Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047772#M48537 Thanks Ivan!<BR /><BR />I am using linux gateway with NAT.<BR />Please suggest which command i should append in IPTABLE entry to block a particular web sit that no one can access that site in my LAN env users.<BR /><BR />Thanks a lot again<BR /><BR />MKS Fri, 18 May 2007 09:42:47 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047772#M48537 monu_1 2007-05-18T09:42:47Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047773#M48538 iptables -A OUTPUT -s YOURLAN -d TARGET_IP_ADDRESS -j DENY<BR /><BR />replacing YOURLAN by something like: 192.168.0.0/24 and TARGET_IP_ADDRESS to another CIDR, or an ip address, like: 1.1.1.1<BR /><BR />That would block outgoing traffic to that site.<BR /><BR />Regards,<BR />Leandro Daniel Costa Fri, 18 May 2007 10:04:23 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047773#M48538 Leandro Daniel Costa 2007-05-18T10:04:23Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047774#M48539 The rule could be like this:<BR /><BR />LANIP="192.168.0.1/24"<BR />DESTHOST=w.x.y.z<BR /><BR />iptables -I FORWARD 1 -s $LANIP -d $DESTHOST -j REJECT Fri, 18 May 2007 10:04:41 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047774#M48539 Ivan Ferreira 2007-05-18T10:04:41Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047775#M48540 Hi Costa!<BR /><BR />Accoring to yr command i have put entry in iptables but with REJECT.<BR /><BR />But this entry also reject my ping request to other sites also.<BR /><BR />means icmp request reject<BR /><BR />where is the prob<BR />plz suggest<BR /><BR />MKS Fri, 18 May 2007 11:11:04 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047775#M48540 monu_1 2007-05-18T11:11:04Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047776#M48541 Hi Ivan!<BR /><BR />According to yr given rule, i read somewhere that -s and -d option shoule have same parameter<BR /><BR />like -s $192.168.1.0/24<BR /> -d $x.y.z.w/24<BR />what should i do.I have to block site (x.y.z.w) for my LAN clients.<BR /><BR />According to yr given command<BR /><BR />LANID="192.168.1.0/24"<BR />DESID=x.y.z.w<BR />#IPTABLES -I FORWARD 1 -s $LANID -d $DESID -j REJECT<BR /><BR />Above is not working and after changes its also not desplaying others entry in my previous configured IPTABLES enteries.<BR /><BR />Please ellaborat more clearly.<BR /><BR />Thank you very much for resolving my prob.<BR /><BR />Is there any option to put DNS for blocking.<BR /><BR />Regards,<BR />MKS Sat, 19 May 2007 05:58:28 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047776#M48541 monu_1 2007-05-19T05:58:28Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047777#M48542 &gt;&gt;&gt; Above is not working and after changes its also not desplaying others entry in my previous configured IPTABLES enteries.<BR /><BR />Tha's weird. Can you post the output of:<BR /><BR />service iptables status<BR /><BR />Or<BR /><BR />iptables -nL FORWARD<BR /><BR /><BR />&gt;&gt;&gt; Is there any option to put DNS for blocking.<BR /><BR />Depending of what do you want to block, if you want to restrict clients from using DNS, you have two options, block the port 53 for these clients, or add a rule in the named.conf to restrict the hosts that can query your dns server (if you have one). Sat, 19 May 2007 10:09:00 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047777#M48542 Ivan Ferreira 2007-05-19T10:09:00Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047778#M48543 Hi All,<BR /><BR />I have done above task as<BR /><BR />iptables -A OUTPUT -s 192.168.1.0/24 -d x.y.z.w -j DROP<BR /><BR />and it is working now. But when i restart iptables service, its remove my above targeted entry from filter table.<BR /><BR />What shd i do that it will remains permanent in filter table even after reboot my system<BR /><BR />Regards,<BR />MKS Tue, 22 May 2007 07:00:41 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047778#M48543 monu_1 2007-05-22T07:00:41Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047779#M48544 If you use Red Hat or something similar, just use:<BR /><BR />service iptables save<BR /><BR />If you run another Linux distribution, it depends of how it loads the iptables services, but basically, you have to run:<BR /><BR />iptables-save &gt; /path/to/file<BR /><BR />Where /path/to/file could be something like /etc/sysconfig/iptables.<BR /><BR /> Tue, 22 May 2007 08:42:38 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047779#M48544 Ivan Ferreira 2007-05-22T08:42:38Z https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047780#M48545 Thread Closed Tue, 22 May 2007 09:45:11 GMT https://community.hpe.com/t5/operating-system-linux/security-related-block-perticular-site/m-p/5047780#M48545 monu_1 2007-05-22T09:45:11Z