
This question popped up a couple of days ago, and it is: How to block, deny or redirect an IP address or domain name to another IP or web domain without the use of a router or configuring a browser. Basically using only Ubuntu to do this.

For example, a user uses a computer, and he/she does not have access to Facebook or Twitter (could be denied access forever or just between 2pm to 8pm). If the user tries to enter Facebook or Twitter, it will be redirected to another place or just plain canceled.

The program would be preferable in GUI, but if there isn't one, the terminal will do.

I have checked out, for example, ufw and gufw, but it only works for programs and ports. The case about domain names is not there, which would make it easier to select or deselect a domain.



Answer (score 3, accepted)

iptables is helpful if it is only a few ip / domain names.

With iptables you can restrict based on user, group, and/or time although to do so you need to use the OUTPUT table. So to allow root, and a group "web", use

# this allows root for things such as apt-get
sudo iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT

# this allows users of the group web
# create a group, web, and add users to it to allow access
sudo iptables -A OUTPUT -m owner --gid-owner web -j ACCEPT

# These two rules allow access to port 80 and 443 over the lunch hour
sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -m time --timestart 12:00 --timestop 13:00 -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -j DROP

But as your needs grow more complex, it is helpful to use proxies. For example, you can use privoxy (and others) for adblock. Squid adds in filtering and more complex rules (acl or access control lists), but is likely overkill for a home user.

You then make the proxy transparent with iptables

# This allows root
sudo iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT

# This allows privoxy, which serves as adblock
sudo iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner privoxy -j ACCEPT

# this blocks direct access to ports 80 to all other users
sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP

# This allows squid to access privoxy (I think squid runs as "proxy")
#sudo iptables -A OUTPUT -o lo -p tcp --dport 8118 -m owner --uid-owner proxy -j ACCEPT

# this rule blocks other users from direct access to privoxy
sudo iptables -A OUTPUT -o lo -p tcp --dport 8118 -j DROP

# Redirect all outgoing traffic on port 80 to squid listening on port 3128
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 3128

Outgoing example:

iptables -A OUTPUT -p tcp -m string --string "xxx.com" --algo kmp -j DROP

then with a cron job you could block all domains you want at the specific time you want, and later
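
The cron approach mentioned at the end of the answer, as an added example that is not part of the original answer: a POSIX shell script that adds or removes the answer's string-match DROP rule for each listed domain. The domain list, the `DRY_RUN` switch and the script path in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example: toggle the answer's string-match DROP rule for a list of domains.
# Root crontab entries for a 2pm-8pm block (the script path is hypothetical):
#   0 14 * * * DRY_RUN=0 /usr/local/sbin/domain-block.sh block
#   0 20 * * * DRY_RUN=0 /usr/local/sbin/domain-block.sh unblock

DOMAINS="${DOMAINS:-facebook.com twitter.com}"  # constructed sample list
DRY_RUN="${DRY_RUN:-1}"                         # 1 = print commands, change nothing

# Accept only plain hostnames so a list entry can never be read as an option.
valid_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run iptables, or only print the command line in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# toggle block|unblock
toggle() {
    case "$1" in
        block) op=-A ;;
        unblock) op=-D ;;
        *) echo "usage: toggle block|unblock" >&2; return 2 ;;
    esac
    for d in $DOMAINS; do
        valid_domain "$d" || { echo "skipping invalid entry: $d" >&2; continue; }
        set -- OUTPUT -p tcp -m string --string "$d" --algo kmp -j DROP
        if [ "$DRY_RUN" != 1 ]; then
            # -C reports whether an identical rule exists, so repeated cron
            # runs neither stack duplicates nor fail on a missing rule.
            if iptables -C "$@" 2>/dev/null; then present=1; else present=0; fi
            [ "$op" = -A ] && [ "$present" = 1 ] && continue
            [ "$op" = -D ] && [ "$present" = 0 ] && continue
        fi
        ipt "$op" "$@"
    done
}

# Act only when called with an argument, e.g. from cron.
[ $# -eq 0 ] || toggle "$1"
```

The string match only sees bytes that cross the wire in cleartext, so for HTTPS it depends on the hostname appearing unencrypted in the TLS handshake.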

