iptables, allow only certain urls

From: "@ndree" <Andree@nospam-Toonk.nl>
Date: Wed, 12 Jun 2002 12:15:31 +0200

Hello,

I've got a question about iptables.
I've got a network, 192.168.0.0/24, and there are certain restrictions for the
users on that network.

This network is connected to the internet through a Linux 2.4 iptables
firewall.

An example of a restriction is that they can only visit some internet sites.

The rules I've made for this are:

# NAT the LAN out through the external interface
$IPTABLES -t nat -A POSTROUTING -o $EX_IF -s 192.168.0.0/24 -j MASQUERADE
# Allow packets coming from port 80 on the allowed sites back to the LAN
# (the hostnames are resolved once, when the rule is inserted)
$IPTABLES -A FORWARD -s www.somesite.com -p tcp --sport 80 -d 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -s www.anothersite.com -p tcp --sport 80 -d 192.168.0.0/24 -j ACCEPT
# Allow DNS replies from the nameserver back to the LAN
$IPTABLES -A FORWARD -s $NAMESERVER -p udp --sport 53 -d 192.168.0.0/24 -j ACCEPT
# Drop everything else that is forwarded to the LAN
$IPTABLES -A FORWARD -s 0/0 -d 192.168.0.0/24 -j DROP

As you can see, I've made these rules in the FORWARD chain. Is this wise to do?
Or should I make these rules in the INPUT or OUTPUT chain?

I hope you can advise me on this:
what would be the best way to allow only certain sites?

Thanks in advance, Andree
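As an added example (not part of the original post), the following script shows the shape of a FORWARD-chain whitelist that answers the question above: it filters the outbound connection attempt from the LAN rather than only the replies, and lets connection tracking admit the return traffic. It reuses the post's variable names ($IPTABLES, $EX_IF, $NAMESERVER); the LAN interface $IN_IF and the $ALLOWED_SITES list are assumptions. When IPTABLES is left unset the script only prints the rules, so it can be inspected without root or a live firewall.

```shell
#!/bin/sh
# Added example: FORWARD-chain whitelist for a LAN that may only reach a few
# web sites. Variable names follow the original post; IN_IF and ALLOWED_SITES
# are assumptions. With IPTABLES unset the script only prints the rules.
IPTABLES=${IPTABLES:-"echo iptables"}
EX_IF=${EX_IF:-eth0}
IN_IF=${IN_IF:-eth1}
LAN=192.168.0.0/24
NAMESERVER=${NAMESERVER:-192.168.0.1}
# Hostnames in -s/-d are resolved once, when the rule is inserted. If a site
# has several A records iptables adds one rule per address; if the addresses
# change later the rules are stale, so fixed IPs are the safer choice.
ALLOWED_SITES=${ALLOWED_SITES:-"www.somesite.com www.anothersite.com"}

build_rules() {
    # Default deny for forwarded traffic; the whitelist below punches holes.
    $IPTABLES -P FORWARD DROP
    $IPTABLES -F FORWARD
    $IPTABLES -t nat -F POSTROUTING

    # Replies to connections accepted below come back automatically, so no
    # per-site "--sport 80" rule is needed.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Filter the *outbound* connection attempt, not the reply: a NEW TCP
    # connection from the LAN to one of the allowed sites on port 80.
    for site in $ALLOWED_SITES; do
        $IPTABLES -A FORWARD -i "$IN_IF" -o "$EX_IF" -s "$LAN" -d "$site" \
            -p tcp --dport 80 -m state --state NEW -j ACCEPT
    done

    # DNS queries from the LAN to the one permitted resolver.
    $IPTABLES -A FORWARD -i "$IN_IF" -o "$EX_IF" -s "$LAN" -d "$NAMESERVER" \
        -p udp --dport 53 -j ACCEPT

    # Everything else falls through to the DROP policy; log it first so you
    # can see what the users are trying (rate-limited against log flooding).
    $IPTABLES -A FORWARD -i "$IN_IF" -m limit --limit 5/min \
        -j LOG --log-prefix "FWD-DENY: "

    # NAT only traffic that survived the FORWARD chain (SNAT happens in
    # POSTROUTING, after FORWARD, so FORWARD still sees the LAN source).
    $IPTABLES -t nat -A POSTROUTING -o "$EX_IF" -s "$LAN" -j MASQUERADE
}

# Check the generated rule set without loading it: returns 0 when the
# printed rules contain the given fragment.
rules_contain() {
    build_rules | grep -qF -- "$1"
}

build_rules
```

FORWARD is the right chain for this: INPUT and OUTPUT only see traffic addressed to or sent by the firewall itself, while traffic transiting from the LAN to the internet passes through FORWARD. Two caveats for "allow only certain URLs": a packet filter can only match addresses and ports, so anything else hosted on an allowed IP (and any other port, such as 443) is implicitly covered or blocked as a whole; filtering by URL needs an HTTP proxy with an ACL in front of or on the firewall.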


