HPE Community
Operating System - Linux
1828217 Members
2304 Online
109975 Solutions
New Discussion

Re: security related block perticular site

 
SOLVED
Go to solution
monu_1
Regular Advisor

‎05-18-2007 01:51 AM

‎05-18-2007 01:51 AM

security related block perticular site

Hi all,

I am using firestarter in my LAN environment and i want to block a particular website in my LAN environment.

is it possible to block IP address?

How can i block this.

Thanks in Advance.

MKS
0 Kudos
11 REPLIES 11
Leandro Daniel Costa
Occasional Advisor

‎05-18-2007 02:32 AM

‎05-18-2007 02:32 AM

Re: security related block perticular site

Take a look at this page

http://www.fs-security.com/docs/policy-page.php

Here, it explains how to accomplish what you're trying to do.
You need to block outgoing traffic to that IP address.

Hope it helps

Regards,
Leandro Costa
0 Kudos
Ivan Ferreira
Honored Contributor

‎05-18-2007 02:38 AM

‎05-18-2007 02:38 AM

Re: security related block perticular site

Yes it's possible. You can do it via firewall or proxy. It depends of how your network connects to Internet.

If you have a Linux gateway with NAT, you should use iptables to block access.

If you use a proxy server like squid, you need to configure access lists and rules.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
monu_1
Regular Advisor

‎05-18-2007 02:42 AM

‎05-18-2007 02:42 AM

Re: security related block perticular site

Thanks Ivan!

I am using linux gateway with NAT.
Please suggest which command i should append in IPTABLE entry to block a particular web sit that no one can access that site in my LAN env users.

Thanks a lot again

MKS
0 Kudos
Leandro Daniel Costa
Occasional Advisor

‎05-18-2007 03:04 AM

‎05-18-2007 03:04 AM

Re: security related block perticular site

iptables -A OUTPUT -s YOURLAN -d TARGET_IP_ADDRESS -j DENY

replacing YOURLAN by something like: 192.168.0.0/24 and TARGET_IP_ADDRESS to another CIDR, or an ip address, like: 1.1.1.1

That would block outgoing traffic to that site.

Regards,
Leandro Daniel Costa
0 Kudos
Ivan Ferreira
Honored Contributor

‎05-18-2007 03:04 AM

‎05-18-2007 03:04 AM

Re: security related block perticular site

The rule could be like this:

LANIP="192.168.0.1/24"
DESTHOST=w.x.y.z

iptables -I FORWARD 1 -s $LANIP -d $DESTHOST -j REJECT
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
monu_1
Regular Advisor

‎05-18-2007 04:11 AM

‎05-18-2007 04:11 AM

Re: security related block perticular site

Hi Costa!

Accoring to yr command i have put entry in iptables but with REJECT.

But this entry also reject my ping request to other sites also.

means icmp request reject

where is the prob
plz suggest

MKS
0 Kudos
monu_1
Regular Advisor

‎05-18-2007 10:58 PM

‎05-18-2007 10:58 PM

Re: security related block perticular site

Hi Ivan!

According to yr given rule, i read somewhere that -s and -d option shoule have same parameter

like -s $192.168.1.0/24
-d $x.y.z.w/24
what should i do.I have to block site (x.y.z.w) for my LAN clients.

According to yr given command

LANID="192.168.1.0/24"
DESID=x.y.z.w
#IPTABLES -I FORWARD 1 -s $LANID -d $DESID -j REJECT

Above is not working and after changes its also not desplaying others entry in my previous configured IPTABLES enteries.

Please ellaborat more clearly.

Thank you very much for resolving my prob.

Is there any option to put DNS for blocking.

Regards,
MKS
0 Kudos
Ivan Ferreira
Honored Contributor

‎05-19-2007 03:09 AM

‎05-19-2007 03:09 AM

Re: security related block perticular site

>>> Above is not working and after changes its also not desplaying others entry in my previous configured IPTABLES enteries.

Tha's weird. Can you post the output of:

service iptables status

Or

iptables -nL FORWARD


>>> Is there any option to put DNS for blocking.

Depending of what do you want to block, if you want to restrict clients from using DNS, you have two options, block the port 53 for these clients, or add a rule in the named.conf to restrict the hosts that can query your dns server (if you have one).
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
monu_1
Regular Advisor

‎05-22-2007 12:00 AM

‎05-22-2007 12:00 AM

Re: security related block perticular site

Hi All,

I have done above task as

iptables -A OUTPUT -s 192.168.1.0/24 -d x.y.z.w -j DROP

and it is working now. But when i restart iptables service, its remove my above targeted entry from filter table.

What shd i do that it will remains permanent in filter table even after reboot my system

Regards,
MKS
0 Kudos
Ivan Ferreira
Honored Contributor

‎05-22-2007 01:42 AM

‎05-22-2007 01:42 AM

Solution

Re: security related block perticular site

If you use Red Hat or something similar, just use:

service iptables save

If you run another Linux distribution, it depends of how it loads the iptables services, but basically, you have to run:

iptables-save > /path/to/file

Where /path/to/file could be something like /etc/sysconfig/iptables.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
monu_1
Regular Advisor

‎05-22-2007 02:45 AM

‎05-22-2007 02:45 AM

Re: security related block perticular site

Thread Closed
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.