iptables rules to allow HTTP traffic to one domain only
Posted
by
Zenet
on Server Fault
See other posts from Server Fault
or by Zenet
Published on 2011-01-04T20:16:38Z
Indexed on
2012/11/05
11:08 UTC
Read the original article
Hit count: 191
I need to configure my machine as to allow HTTP traffic to/from serverfault.com only. All other websites, services ports are not accessible. I came up with these iptables rules:
#drop everything
iptables -P INPUT DROP
iptables -P OUTPUT DROP
#Now, allow connection to website serverfault.com on port 80
iptables -A OUTPUT -p tcp -d serverfault.com --dport 80 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#allow loopback
iptables -I INPUT 1 -i lo -j ACCEPT
It doesn't work quite well:
After I drop everything, and move on to rule 3:
iptables -A OUTPUT -p tcp -d serverfault.com --dport 80 -j ACCEPT
I get this error:
iptables v1.4.4: host/network `serverfault.com' not found
Try `iptables -h' or 'iptables --help' for more information.
Do you think it is related to DNS? Should I allow it as well? Or should I just put IP addresses in the rules? Do you think what I'm trying to do could be achieved with simpler rules? How?
I would appreciate any help or hints on this. Thanks a lot!
© Server Fault or respective owner