[Firewall] Custom-rules

Michel van Dop mvandop at xs4all.nl
Mon Jun 11 16:39:38 CEST 2012


Hello,

Default i block the server to get some contect of port 80 and port 443.  I
use the custom-rules.

But sometimes i must unblock ip some cms website must communicate to a
other server on port 80 for spam black list etc so..

 i use this:

# exception to one webserver.
/sbin/iptables -A OUTPUT -s xx.xx.xx.xx -d xx.xx.xx.xx -p tcp --dport 80
-j ACCEPT

# now blokking the rest
/sbin/iptables -A OUTPUT -p tcp --dport 80 -j DROP
/sbin/iptables -A OUTPUT -p tcp --dport 443 -j DROP


This works great...  But now one DNS name have more ips (load balance) how
to accept this?  I know iptables do not work for a domain name only ip.
And sometimes the is a dns change and the iptable rule do not work.

Do any one have a good solution?

Best regards,

Michel






More information about the Firewall mailing list