[ Team LiB ] Previous Section Next Section

Recipe 2.8 Blocking Access to a Remote Host

2.8.1 Problem

You want to block outgoing traffic to a particular host.

2.8.2 Solution

To block all access:

For iptables:

# iptables -A OUTPUT -d remote_IP_address -j REJECT

For ipchains:

# ipchains -A output -d remote_IP_address -j REJECT

To block a particular service, such as a remote web site:

For iptables:

# iptables -A OUTPUT -p tcp -d remote_IP_address --dport www -j REJECT

For ipchains:

# ipchains -A output -p tcp -d remote_IP_address --dport www -j REJECT

2.8.3 Discussion

Perhaps you've discovered that a particular web site has malicious content on it, such as a trojan horse. This recipe will prevent all of your users from accessing that site. (We don't consider "redirector" web sites, such as http://www.anonymizer.com, which would get around this restriction.)

2.8.4 See Also

iptables(8), ipchains(8).
    [ Team LiB ] Previous Section Next Section