[Firewall] Custom-rules

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Wed Jun 13 15:01:33 CEST 2012


I think the "easiest" solution would be modifying the DynDNS plugin so 
it opens up all IPs for a certain hostname, and changing the INPUT chains 
into OUTPUT, although I doubt you can do this via the INPUT chain....

a.

On 11-Jun-12 16:39, Michel van Dop wrote:
> Hello,
>
> By default I block the server from getting content on port 80 and port 443.  I
> use the custom-rules.
>
> But sometimes I must unblock an IP: some CMS websites must communicate with
> another server on port 80 for spam blacklists etc., so..
>
>   I use this:
>
> # exception to one webserver.
> /sbin/iptables -A OUTPUT -s xx.xx.xx.xx -d xx.xx.xx.xx -p tcp --dport 80 -j ACCEPT
>
> # now blocking the rest
> /sbin/iptables -A OUTPUT -p tcp --dport 80 -j DROP
> /sbin/iptables -A OUTPUT -p tcp --dport 443 -j DROP
>
>
> This works great...  But now one DNS name has more IPs (load balancing); how
> to accept this?  I know iptables does not work with a domain name, only an IP.
> And sometimes there is a DNS change and the iptables rule does not work.
>
> Does anyone have a good solution?
>
> Best regards,
>
> Michel
>
>
>
>
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
>
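One way to do what the thread discusses (allow every current A record of a hostname before the catch-all DROP rules, and refresh it when DNS changes), as an added example that is not code from the list, from Arno's firewall or its DynDNS plugin. It assumes a dedicated chain name WEB_ALLOW (hypothetical), and that `iptables` and `getent` exist on the host; the sample IPs in the test are constructed.

```shell
# Added example: keep an egress allowlist chain in sync with every A record
# of a hostname. The chain name WEB_ALLOW is an assumption. Resolution and
# rule generation are separate so the generator can be checked offline.

# resolve_ipv4 HOST: print every IPv4 address of HOST, one per line.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# validate_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so
# an odd or poisoned DNS answer can never be spliced into a rule.
validate_ipv4() {
    echo "$1" | awk -F. 'NF == 4 {
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
        exit 0
    } { exit 1 }'
}

# build_rules SRC_IP PORT IP...: print the commands that rebuild WEB_ALLOW
# for the given destinations (flush first, so stale addresses disappear).
build_rules() {
    src=$1; port=$2; shift 2
    echo "iptables -F WEB_ALLOW"
    for ip in "$@"; do
        validate_ipv4 "$ip" || continue
        echo "iptables -A WEB_ALLOW -s $src -d $ip -p tcp --dport $port -j ACCEPT"
    done
}

# setup_chains: one-time wiring that mirrors the original custom-rules
# ordering: consult the allowlist first, then drop the rest of 80/443.
setup_chains() {
    cat <<'EOF'
iptables -N WEB_ALLOW
iptables -A OUTPUT -p tcp --dport 80 -j WEB_ALLOW
iptables -A OUTPUT -p tcp --dport 443 -j WEB_ALLOW
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP
EOF
}

# refresh_allowlist SRC_IP PORT HOST: resolve and apply; run it from cron so
# a DNS change or a new load-balancer member is picked up automatically.
refresh_allowlist() {
    ips=$(resolve_ipv4 "$3")
    [ -n "$ips" ] || { echo "no A records for $3; keeping old rules" >&2; return 1; }
    build_rules "$1" "$2" $ips | sh
}
```

Because the chain is flushed and rebuilt on each run, an address that disappears from DNS loses its exception on the next refresh rather than lingering as a permanent hole.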

