Hi
I am mainly looking for iptables for blocking any.com for a specific time, and a comparison with Cisco IOS ACL.
I'm doing a bit of a different implementation of iptables. What I want to do is to block the iptables: blocking something.com for a specific time.
Like blocking a specific web site during office hours, and allowing it on the weekend.
But I don't want to add a separate rule for each web server of that web site. I just want to use the domain name so that it covers all web servers against it in the DNS record automatically.
Secondly, I need some comparison and features of iptables to compare with Cisco IOS ACL, for implementing in a medium-sized network.
Support from iptables and Cisco geeks needed; help will be highly appreciated.
Thanks
iptables: block any.com for specific time &compare featu
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
Re:
Dear farhanksa,
Salam,
# iptables -I FORWARD -s a.b.c.d -d e.f.g.h -p tcp --dport 80 -m time --timestart 01:00 --timestop 12:00 -j REJECT
Or
# iptables -I FORWARD -s any.com -d any.com -p tcp --dport 80 -m time --timestart 01:00 --timestop 12:00 -j REJECT
It will block specific traffic between time slot of 01:00 to 12:00 each day.
Best Regards.
Farrukh Ahmed
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
Re:
Dear farhanksa,
Salam,
For your Second Question,
http://fwup.org/
http://www.ipblocker.org/
http://www.iu.hio.no/teaching/materials ... .en&week=6
Best Regards.
Farrukh Ahmed
- Lieutenant Colonel
- Posts: 660
- Joined: Sat Jul 06, 2002 12:35 pm
- Location: Islamabad
Hey Farhan,
Long time no see man... where have you been?
Regarding your question, I have one concern. If you are thinking about blocking a web request to a particular website, it might not be blocked by iptables as the destination address will be that of the next hop gateway and the website address is in the payload. This is where squid proxy comes in.
Regards
Zaeem
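Added example, not part of any post in this thread: iptables resolves a hostname given to -s or -d once, when the rule is inserted, and stores only the resulting addresses, so a domain-based block has to be regenerated whenever the site's DNS records change. The sketch below prints (does not apply) one time-limited rule per address; the function names are hypothetical, the addresses are constructed from the 192.0.2.0/24 documentation range, and the weekday restriction uses the time match's --weekdays option.

```shell
#!/bin/sh
# Dry-run generator: prints iptables commands for review instead of running them.

# resolve_ipv4 NAME: print each IPv4 address currently returned for NAME.
# Not used by the offline sample below; requires a working resolver.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# emit_time_rules START STOP DAYS IP...
# Prints one FORWARD rule per address that rejects TCP port 80 traffic
# between START and STOP on the listed weekdays. The time match compares
# against UTC unless --kerneltz is added, so adjust START/STOP accordingly.
emit_time_rules() {
    start=$1; stop=$2; days=$3
    shift 3
    for ip in "$@"; do
        case $ip in
            # Refuse anything that is not a dotted-quad literal, so a stray
            # hostname never reaches iptables and gets resolved silently.
            *[!0-9.]*|'') echo "skipping non-IPv4 value: $ip" >&2; continue ;;
        esac
        printf 'iptables -I FORWARD -d %s -p tcp --dport 80 -m time --timestart %s --timestop %s --weekdays %s -j REJECT\n' \
            "$ip" "$start" "$stop" "$days"
    done
}

# Constructed sample addresses standing in for the site's DNS answers.
SAMPLE_IPS="192.0.2.10 192.0.2.11"

# sample_rules: the 01:00-12:00 window from the reply above, weekdays only.
sample_rules() {
    # Word splitting of SAMPLE_IPS is intentional here.
    emit_time_rules 01:00 12:00 Mon,Tue,Wed,Thu,Fri $SAMPLE_IPS
}

sample_rules
# With live DNS the call would be:
#   emit_time_rules 01:00 12:00 Mon,Tue,Wed,Thu,Fri $(resolve_ipv4 any.com)
```

Rules generated this way cover only the addresses seen at generation time, so earlier rules have to be flushed and regenerated on a schedule to follow DNS changes.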