
This question popped up a couple of days ago, and it is: how to block, deny or redirect an IP address or domain name to another IP or web domain without the use of a router or configuring a browser. Basically, using only Ubuntu to do this.

For example, a user uses a computer and he/she does not have access to facebook or twitter (this could be denied access forever or just between 2pm and 8pm). If the user tries to enter facebook or twitter, they will be redirected to another place or the request will just be plain canceled.

A GUI program would be preferable, but if there isn't one, the terminal will do.

I have checked out, for example, ufw and gufw, but they only work for programs and ports. The case of domain names is not there, which would make it easier to select or deselect a domain.



Accepted answer (score 3):

iptables is helpful if it is only a few IP addresses / domain names.

With iptables you can restrict based on user, group, and/or time, although to do so you need to use the OUTPUT table. So to allow root, and a group "web", use

# this allows root for things such as apt-get
sudo iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT

# this allows users of the group web
# create a group, web, and add users to it to allow access
sudo iptables -A OUTPUT -m owner --gid-owner web -j ACCEPT

# These two rules allow access to port 80 and 443 over the lunch hour
sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -m time --timestart 12:00 --timestop 13:00 -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -j DROP

But as your needs grow more complex, it is helpful to use proxies. For example, you can use privoxy (and others) for adblock. Squid adds in filtering and more complex rules (acl or access control lists), but is likely overkill for a home user.

You then make the proxy transparent with iptables:

# This allows root
sudo iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT

# This allows privoxy, which serves as adblock
sudo iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner privoxy -j ACCEPT

# this blocks direct access to ports 80 to all other users
sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP

# This allows squid to access privoxy (I think squid runs as "proxy")
#sudo iptables -A OUTPUT -o lo -p tcp --dport 8118 -m owner --uid-owner proxy -j ACCEPT

# this rule blocks other users from direct access to privoxy
sudo iptables -A OUTPUT -o lo -p tcp --dport 8118 -j DROP

# Redirect all outgoing traffic on port 80 to squid listening on port 3128
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 3128

Outgoing example:

iptables -A OUTPUT -p tcp -m string --string "xxx.com" --algo kmp -j DROP

Then with a cron job you could block all domains you want at the specific time you want, and later
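
The following is an added example, not part of the original answer: it combines the answer's string match with its time match to print rules for the 2pm to 8pm window from the question. The chain name SITEBLOCK, the function names and the sample domain list are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. It only prints iptables
# commands; review them, then pipe to "sudo sh" to apply.
CHAIN=SITEBLOCK   # assumed name for a dedicated chain, flushed on every run

# Accept only plain hostnames so a list entry cannot smuggle extra
# options or shell syntax into a generated rule.
valid_domain() {
    case "$1" in
        ""|.*|*.|-*|*..*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# HH:MM, 24-hour clock. xt_time compares against UTC unless --kerneltz is set.
valid_time() {
    case "$1" in
        [01][0-9]:[0-5][0-9]|2[0-3]:[0-5][0-9]) return 0 ;;
    esac
    return 1
}

# gen_rules START STOP DOMAIN...
gen_rules() {
    [ $# -ge 2 ] || { echo "usage: gen_rules START STOP DOMAIN..." >&2; return 2; }
    start=$1; stop=$2; shift 2
    valid_time "$start" && valid_time "$stop" || { echo "bad time window" >&2; return 2; }
    # Create the chain if missing, empty it, and hook it into OUTPUT once.
    # It is inserted first so ACCEPT rules further down cannot bypass it.
    echo "iptables -N $CHAIN 2>/dev/null || true"
    echo "iptables -F $CHAIN"
    echo "iptables -C OUTPUT -j $CHAIN 2>/dev/null || iptables -I OUTPUT 1 -j $CHAIN"
    for d in "$@"; do
        if ! valid_domain "$d"; then
            echo "skipping invalid entry: $d" >&2
            continue
        fi
        # Same string match as the answer, limited to web ports and a time window.
        echo "iptables -A $CHAIN -p tcp -m multiport --dports 80,443" \
             "-m string --string \"$d\" --algo kmp" \
             "-m time --timestart $start --timestop $stop -j DROP"
    done
}

# Constructed sample input: the 2pm to 8pm window from the question.
gen_rules 14:00 20:00 facebook.com twitter.com
```

The string match is a substring search over each packet's payload, so it only works where the name travels in cleartext and it can also drop unrelated traffic that happens to contain the same text.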

