2.8. Blocking Access to a Remote Host
Problem
You want to block outgoing traffic to a particular host.
Solution
To block all access:
For iptables:
# iptables -A OUTPUT -d remote_IP_address -j REJECT
For ipchains:
# ipchains -A output -d remote_IP_address -j REJECT
To block a particular service, such as a remote web site:
For iptables:
# iptables -A OUTPUT -p tcp -d remote_IP_address --dport www -j REJECT
For ipchains:
# ipchains -A output -p tcp -d remote_IP_address --dport www -j REJECT
Discussion
Perhaps you’ve discovered that a particular web site has malicious content on it, such as a trojan horse. This recipe will prevent all of your users from accessing that site. (We don’t consider “redirector” web sites, such as http://www.anonymizer.com, which would get around this restriction.)
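As an added example (not from the book), the script below prints one idempotent rule per address for a site that answers on several IPs, using the same REJECT rules as the Solution. It assumes an iptables recent enough to support -C (rule check); the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): print idempotent iptables commands that
# REJECT outgoing traffic to each listed IPv4 address. Nothing is executed
# here; review the output, then run it as root.

# is_ipv4 ADDR: succeed only for a dotted quad, octets 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rules [PORT]: read one address per line on stdin and print one
# "check, else append" command per unique valid address. With PORT (a number
# or a service name such as www), only that TCP destination port is rejected.
block_rules() {
    port=$1
    case "$port" in
        *[!a-z0-9-]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    sort -u | while read -r addr; do
        [ -n "$addr" ] || continue
        if ! is_ipv4 "$addr"; then
            echo "skipping (not an IPv4 address): $addr" >&2
            continue
        fi
        match="-d $addr"
        [ -z "$port" ] || match="-p tcp -d $addr --dport $port"
        echo "iptables -C OUTPUT $match -j REJECT 2>/dev/null ||" \
             "iptables -A OUTPUT $match -j REJECT"
    done
}

# Constructed sample input: documentation-range addresses, one duplicate,
# and two lines that must be skipped.
printf '%s\n' 192.0.2.10 198.51.100.7 192.0.2.10 www.example.invalid 300.1.1.1 |
    block_rules www
```

Because each printed command checks for the rule before appending it, the output can be re-run without stacking duplicate REJECT entries in the OUTPUT chain.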
See Also
iptables(8), ipchains(8).