rob0 at gmx.co.uk
Tue Aug 30 19:23:48 CEST 2005
Please do not top-post. Thank you.
On Tuesday 2005-August-30 10:22, InfoMail wrote:
> this is the rule and below is the error .. is this ment to work
> $IPTAB -A OUTPUT -p tcp -o eth0 -s 0/0 -d www.microsoft.com -j DROP
> ##$IPTAB -A FORWARD -s 0/0 -d www.microsoft.com -m state --state NEW
> -j DROP
To do this most effectively, consider using HTTP proxy servers, like
Squid ( http://www.squid-cache.org/ ).
Again you're not explicit about your goal. Allow me to give an example:
"I want to block all HTTP access to servers at www.microsoft.com., for
hosts in my NAT'ed network." Squid is the best means of that; my DNS
hijacking idea in the other post might also work, although it would
also affect anything else resolving from www.microsoft.com, not just
Or: "I want to block all access, all protocols, to all Microsoft
servers, from my host and from NAT'ed hosts."
Say what it is you want to do!
I sense also a likely misunderstanding of the roles of the built-in
chains. OUTPUT only affects traffic which originated on the machine
itself. If you're wanting to block NAT'ed traffic, you need to do this
in FORWARD. Please see "man iptables".
> starting rules for NATing
> iptables v1.2.11: host/network `www.microsoft.com' not found
> Try `iptables -h' or 'iptables --help' for more information.
The problem here is that at the time your script tries to run that
iptables command, your rules do not yet allow DNS access to your
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
More information about the netfilter