June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
2.8. Blocking Access to a Remote Host
Problem
You want to block outgoing traffic to a particular host.
Solution
To block all access:
For
iptables
:
# iptables -A OUTPUT -d remote_IP_address -j REJECTFor
ipchains
:
# ipchains -A output -d remote_IP_address -j REJECTTo block a particular service, such as a remote web site:
For iptables:
# iptables -A OUTPUT -p tcp -d remote_IP_address --dport www -j REJECTFor ipchains:
# ipchains -A output -p tcp -d remote_IP_address --dport www -j REJECTDiscussion
Perhaps you’ve discovered that a particular web site has malicious content on it, such as a trojan horse. This recipe will prevent all of your users from accessing that site. (We don’t consider “redirector” web sites, such as http://www.anonymizer.com, which would get around this restriction.)
See Also
iptables(8), ipchains(8).