Thursday, May 9, 2024
rated 0 times [  1] [ 0]  / answers: 1 / hits: 4766  / 3 Years ago, mon, october 4, 2021, 7:41:13

I'm trying to allow connection to only one website (for only one domain). For example www.mywebsite.com, with IP address A.B.C.D.



My iptables definition looks like this:



iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -d A.B.C.D --dport 80 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP


The problem is that it looks like a subfolder of that website is not on the same server. So if it's on www.mywebsite.com, the user must also be able to access www.mywebsite.com/cobiss/ and www.mywebsite.com/cobiss?param1=value1&param2=value2.



Can you help me with what additional rules I need to allow access to related parts of that site?



 Answers
5

That will not work with iptables alone. iptables works on OSI layers 3 and 4. You are looking for layer 7 filtering.



I suggest you set up a proxy server for filtering. I can recommend DansGuardian for web content filtering. Configure your firewall to redirect all web traffic over your web proxy (creating a transparent proxy) and then filter there.



Take a look at this tutorial on how to get started.


[#28342] Wednesday, October 6, 2021, 3 Years  [reply] [flag answer]
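To illustrate the answer's layer 3+4 versus layer 7 distinction, here is an added example (not part of the original post, and not DansGuardian's code) that compares what an address-and-port rule can match on with what a filtering proxy can read from the request itself. The address 192.0.2.10 is a constructed stand-in for A.B.C.D, and the function names and sample requests are invented for the illustration.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"www.mywebsite.com"}  # site name from the question
ALLOWED_IP = "192.0.2.10"              # constructed stand-in for A.B.C.D

def l34_verdict(dst_ip, dst_port):
    """All the question's OUTPUT rule can match on: address and port."""
    return dst_ip == ALLOWED_IP and dst_port == 80

def requested_host(raw_request):
    """Return the lower-cased host named in an HTTP request head, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
        if method == "CONNECT":      # HTTPS tunnel via a proxy: host:port
            authority = target
        elif "://" in target:        # absolute-form, sent to an explicit proxy
            authority = urlsplit(target).netloc
        else:                        # origin-form: the Host header names the site
            fields = (line.partition(":") for line in lines[1:])
            hosts = [v.strip() for k, _, v in fields if k.strip().lower() == "host"]
            if len(hosts) != 1:      # missing or duplicated Host header
                return None
            authority = hosts[0]
        host = urlsplit("//" + authority).hostname
    except ValueError:               # malformed request line or authority
        return None
    return host.rstrip(".") if host else None

def l7_verdict(raw_request):
    """Decision a filtering proxy can make: allow by requested name."""
    return requested_host(raw_request) in ALLOWED_HOSTS

# Constructed sample traffic: (destination IP, port, request bytes)
SAMPLES = [
    ("192.0.2.10", 80, b"GET /cobiss?param1=value1&param2=value2 HTTP/1.1\r\n"
                       b"Host: www.mywebsite.com\r\n\r\n"),
    ("198.51.100.7", 80, b"GET /cobiss/ HTTP/1.1\r\nHost: WWW.MyWebsite.com:80\r\n\r\n"),
    ("192.0.2.10", 80, b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"),
]

if __name__ == "__main__":
    for ip, port, req in SAMPLES:
        print(ip, requested_host(req), "L3/4:", l34_verdict(ip, port),
              "L7:", l7_verdict(req))
```

The second sample is the allowed site served from a different address, which the address rule drops; the third is a different site on the allowed address, which the address rule lets through.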
oleard
