iptables rules to allow HTTP traffic to one domain only

Posted by Zenet on Server Fault See other posts from Server Fault or by Zenet
Published on 2011-01-04T20:16:38Z Indexed on 2012/11/05 11:08 UTC
Read the original article Hit count: 191

Filed under:
|
|

I need to configure my machine as to allow HTTP traffic to/from serverfault.com only. All other websites, services ports are not accessible. I came up with these iptables rules:

#drop everything
iptables -P INPUT DROP
iptables -P OUTPUT DROP

#Now, allow connection to website serverfault.com on port 80
iptables -A OUTPUT -p tcp -d serverfault.com --dport 80 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

#allow loopback
iptables -I INPUT 1 -i lo -j ACCEPT

It doesn't work quite well:

  • After I drop everything, and move on to rule 3:

    iptables -A OUTPUT -p tcp -d serverfault.com --dport 80 -j ACCEPT

I get this error:

iptables v1.4.4: host/network `serverfault.com' not found
Try `iptables -h' or 'iptables --help' for more information.

Do you think it is related to DNS? Should I allow it as well? Or should I just put IP addresses in the rules? Do you think what I'm trying to do could be achieved with simpler rules? How?

I would appreciate any help or hints on this. Thanks a lot!

© Server Fault or respective owner

Related posts about dns

Related posts about iptables