Thread: Blocking hosts with iptables

  1. #1

    Blocking hosts with iptables

    I'm trying to prevent banner ads appearing on any computers within my LAN.

    At the moment I'm adding these lines to my firewall rules every time I come across a new ad server

    Code:
    iptables -A INPUT  -s some.adserver -j DROP
    iptables -A OUTPUT -d some.adserver -j REJECT
    iptables -A FORWARD -d some.adserver -j REJECT
    iptables -A FORWARD -s some.adserver -j DROP
    This seems to be doing the job for the most part, but it's quite laborious having to insert 4 lines for every ad server I come across and my rules are going to get very large very quickly.

    What I'd rather be able to do is to say:

    Code:
    iptables -A INPUT  -s $adserver -j DROP
    iptables -A OUTPUT -d $adserver -j REJECT
    iptables -A FORWARD -d $adserver -j REJECT
    iptables -A FORWARD -s $adserver -j DROP
    And have a list of adservers that would be dropped. Is that doable? If so can someone please enlighten me.

    Better still I'd like to be able to redirect requests for the adverts to my local machine and send a 1x1 transparent gif instead of the banner that was supposed to be loaded. Is that possible?

    I just know someone will recommend I use killads or something, but I'd rather have something doing the filtering on the gateway machine, that saves me having to mess about with every PC that gets connected to the LAN.

    Thanks..

  2. #2

    Re: Blocking hosts with iptables

    I think if you just do

    Code:
    adserver="xxx.xxx.xx.x,xxx.xxx.xx.x"
    then do your

    Code:
    iptables -A INPUT  -s $adserver -j DROP
    iptables -A OUTPUT -d $adserver -j REJECT
    iptables -A FORWARD -d $adserver -j REJECT
    iptables -A FORWARD -s $adserver -j DROP
    it should work.

    Don't know about the second part.

  3. #3

    Re: Blocking hosts with iptables

    Does the gateway function as a browser too? If not, then you can eliminate the first two lines.

  4. #4

    Re: Blocking hosts with iptables


    I think if you just do

    Code:
    adserver="xxx.xxx.xx.x,xxx.xxx.xx.x"
    then do your

    Code:
    iptables -A INPUT  -s $adserver -j DROP
    iptables -A OUTPUT -d $adserver -j REJECT
    iptables -A FORWARD -d $adserver -j REJECT
    iptables -A FORWARD -s $adserver -j DROP
    it should work.
    It just whinges at me about not being able to find the host if I do it like that :-/

    Dropping the input/output chains will certainly stop rules growing quite so quickly though...

    This isn't working and I have no idea why. It's blocking out some ads, but not all of them. For example banners on geocities pages are still loading, despite me having us.a1.yimg.com blocked. What am I doing wrong here?


  5. #5

    Re: Blocking hosts with iptables

    Try something like this in a script:

    Code:
    for ads in ads.com advertisements.com spam.com
     do iptables -A INPUT -s "$ads" -j REJECT
     # other rules
    done
    Or if you would like to keep all the sites to block in a separate file, say /etc/adsites, do this:

    Code:
    for ads in `cat /etc/adsites`
     do iptables -A INPUT -s "$ads" -j REJECT
     # blah blah...
    done
    Those are the easiest ways I can come up with.
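
Added example, not part of any post in this thread: iptables matches on IP addresses and resolves a hostname given to -s/-d only once, when the rule is added, so a list-driven setup has to re-resolve the names and rebuild its rules to stay current. This sketch goes a little beyond the loops above: it reads a list such as /etc/adsites, resolves every IPv4 address for each name, and prints the commands that rebuild a dedicated chain hooked into FORWARD. The chain name `ADBLOCK`, the `RESOLVER` hook and the use of `getent` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands (dry run);
# review the output, then pipe it to `sh` as root on the gateway.

# Resolve a hostname to all of its IPv4 addresses, one per line.
# Assumption: glibc getent(1) is available; set RESOLVER to swap it out.
resolve_host() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Read hostnames on stdin (one per line, '#' comments allowed) and print
# the commands that rebuild a dedicated chain hooked into FORWARD.
gen_rules() {
    chain=${CHAIN:-ADBLOCK}   # hypothetical chain name
    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
    # Strip comments and whitespace; only plain hostnames reach the resolver.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
    grep -E '^[A-Za-z0-9][A-Za-z0-9.-]*$' |
    while read -r host; do
        ips=$("${RESOLVER:-resolve_host}" "$host")
        if [ -z "$ips" ]; then
            echo "# skipped $host: no address found"
            continue
        fi
        for ip in $ips; do echo "$ip $host"; done
    done |
    awk -v chain="$chain" '
        /^#/ { print; next }
        # one rule per distinct dotted-quad address, however many names share it
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[$1]++ {
            printf "iptables -A %s -d %s -j REJECT  # %s\n", chain, $1, $2
        }'
    echo "iptables -C FORWARD -j $chain 2>/dev/null || iptables -I FORWARD -j $chain"
}

# Script use: sh adblock.sh /etc/adsites   (list file as in post #5)
if [ -n "${1:-}" ]; then gen_rules < "$1"; fi
```

Because the chain is flushed and refilled on every run, re-running the script on a schedule drops addresses that a name no longer resolves to.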
