LinuxSolved.com Linux Help Community Forum


Author Topic: Blocking website using IPTABLES  (Read 5569 times)

Offline marcus01

  • New Member
  • Posts: 3
Blocking website using IPTABLES
« on: September 07, 2004, 04:09:13 AM »
Hi!

Some of you will say that I should use a proxy server to do this, but I would really like to know how to block websites using IPTABLES.

So I have created a script that loads a txt file containing the IP addresses of the only websites I want my network to access.
The problem is that when I load the script, I have to type the IP address of a site into my browser to be able to access it! And something else: some of the sites that I included in the txt file have given me a 403 error, or forbidden access to the site!

So please, can any one of you help me with this?

How can I access these sites by typing their URL and not the IP address, and how can I access the others without getting a 403 error?

HELP PLEASE!!!

Here is the script that I made:

#!/bin/sh

# Turn forwarding off while the rules are rebuilt.
echo 0 > /proc/sys/net/ipv4/ip_forward

GOODIP=/etc/rc.d/goodlist.txt      # allowed IP addresses, one per line; '#' lines are ignored
LAN_IP_NET='192.168.1.0/24'
LAN_NIC='eth1'
WAN_IP='XXX.XXX.XXX.XXX'
WAN_NIC='eth0'

# Flush the NAT chains and the whole filter table.
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

# Default policies.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Accept-all rules appended to each chain.
iptables -A INPUT -s 0/0 -d 0/0 -j ACCEPT
iptables -A OUTPUT -s 0/0 -d 0/0 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 0/0 -j ACCEPT

# Masquerade the LAN and forward its traffic.
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $WAN_IP -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT


echo "Blocking all unwanted IP's                              [ OK ]"

# Inserted at the head of FORWARD; every later -I rule lands above it.
iptables -I FORWARD -s 0/0 -d 0/0 -j DROP

# Allowed destination ports (each inserted above the DROP).
iptables -I FORWARD -p udp -s 0/0 -d 0/0 --dport 53 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 80 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 25 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 20 -j ACCEPT
iptables -I FORWARD -p tcp -s 0/0 -d 0/0 --dport 21 -j ACCEPT


echo "Allowing Good IP's                                      [ OK ]"

# One ACCEPT per address in $GOODIP, inserted above everything else.
for x in `grep -v ^# $GOODIP | awk '{print $1}'`; do

echo "Permitting $x             [ OK ]"

iptables -I FORWARD -s $x -j ACCEPT
done

# Return traffic for the router's own connections.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Turn forwarding back on.
echo 1 > /proc/sys/net/ipv4/ip_forward
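An added example, not part of marcus01's post: the FORWARD chain rebuilt as a destination whitelist with the rule order fixed, because in the script above the port 53/80 ACCEPT rules are inserted above the DROP (so any web server is reachable regardless of the list) while the ESTABLISHED,RELATED rule is appended below it (so DNS and HTTP replies are dropped), and matching the list with -s selects return traffic rather than destinations. It assumes the same interface and network names, a list file with one IPv4 address or CIDR per line, and `IPT="echo iptables"` for a dry run that prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not marcus01's script): a destination whitelist for the
# FORWARD chain with the rule order fixed. Set IPT="echo iptables" to print
# the rules instead of applying them.
IPT=${IPT:-iptables}
LAN_NIC=${LAN_NIC:-eth1}
LAN_IP_NET=${LAN_IP_NET:-192.168.1.0/24}
GOODIP=${GOODIP:-/etc/rc.d/goodlist.txt}   # one IPv4 address or CIDR per line

# Print whitelist entries in file order, skipping comments, blank lines and
# anything that is not a dotted quad with an optional /prefix.
good_hosts() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF { print $1 }' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Rebuild the FORWARD chain. Everything is appended (-A), so the script reads
# top to bottom in exactly the order the kernel evaluates the rules.
build_forward() {
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # 1. Replies to connections already allowed. Replies carry the server's
    #    port as *source*, so a "--dport 53/80" rule never matches them.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 2. Name resolution from the LAN, so browsers can use hostnames.
    $IPT -A FORWARD -i "$LAN_NIC" -s "$LAN_IP_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$LAN_NIC" -s "$LAN_IP_NET" -p tcp --dport 53 -j ACCEPT
    # 3. New connections only to whitelisted destinations (-d, not -s).
    for x in $(good_hosts "$GOODIP"); do
        $IPT -A FORWARD -i "$LAN_NIC" -s "$LAN_IP_NET" -d "$x" -m state --state NEW -j ACCEPT
    done
    # 4. Log (rate limited) and drop everything else. No blanket port-80
    #    ACCEPT may sit above this line, or the whitelist is bypassed.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DENY "
    $IPT -A FORWARD -j DROP
}

# Dry run against a constructed whitelist so the script works offline.
demo() {
    tmp=$(mktemp)
    printf '# allowed sites\n203.0.113.10 intranet-mirror\n\n198.51.100.0/24\nnot-an-ip\n' > "$tmp"
    ( GOODIP=$tmp; IPT="echo iptables"; build_forward )
    rm -f "$tmp"
}

demo
```

Address whitelisting alone does not cure the 403s: a server that hosts several sites on one address usually serves its default site (often a forbidden page) when reached by bare IP, so the LAN must be able to resolve and send the hostname, which is what the DNS rules restore.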