Answer the question
In order to leave comments, you need to log in
N
N
nallion2015-09-28 12:21:35
nallion, 2015-09-28 12:21:35
Iptables mark + iproute2 how to block a domain?
Actually the question is small)
I raised the Internet gateway, lartc, everything is as it should be.
Marking user packages
iptables -t mangle -A PREROUTING -s 10.0.0.6/32 ! -d 192.168.7.0/24 -j MARK --set-xmark 0x1/0xffffffff
And I send it to the desired gateway via ip rule
It is necessary that the user who sits on this rule cannot access the site, say ya.ru
I try
iptables like this - t mangle -A PREROUTING -m mark --mark 1 -m string --string "ya.ru" --algo kmp -j DROP
and it doesn't work, which is sooooo weird!
Tell me, colleagues, what to do in this situation?
1 answer(s)
@MechanID
V
Vladimir, 2015-09-28 @MechanID
Uh ... I would already insert the drop of packages into -t nat FORWARD and not into the mangle + keep in mind that this way you catch a bunch of false positives - for example, the user will open a site where there are links to ya.ru and the packages will also fall under the rule and drop.
IMHO Pts strange solution to the problem.
It is better to cut access to sites on a proxy or give a local dns stub ip and disable/fire third-party dns
Similar questions
H
A
A
K
kharlashkin2015-07-06 17:01:59
How to send vibration to xbox 360 controller using python on linux?
1Reply
L
LP-DIMAN2015-07-07 15:11:41
What normal and interesting courses are there on Linux on intuit?
3Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question