How to block access to websites using iptables on Linux.

Blocking access to certain websites is very easy using iptables. The example below will block access to one website.

[root@2403-4800-25af-b00--2 Videos]# iptables -A OUTPUT -p tcp -m string --string &quot;dailytelegraph.com.au&quot; --algo kmp --to 65535 -j REJECT --reject-with icmp-port-unreachable

This is very easy to do. Loading the website in the web browser is futile, it will time out.

This is a more useful script example, this will block ICMP packets as well as access to unwanted websites.

# Generated by iptables-save v1.4.21 on Thu Mar 20 16:04:48 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i wlan0 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j DROP
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m string --string "dailytelegraph.com.au" --algo kmp --to 65535 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m string --string "*4chan.org" --algo kmp --to 65535 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m string --string "boards.4chan.org" --algo kmp --to 65535 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Mar 20 16:04:48 2014

Load these rules into your iptables using this command.

[root@2403-4800-25af-b00--2 Documents]# iptables-restore &lt; iptables.sh

Then, it is possible to check the added iptables rules.

[root@2403-4800-25af-b00--2 Documents]# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i wlan0 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j DROP
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m string --string &quot;dailytelegraph.com.au&quot; --algo kmp -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m string --string &quot;*4chan.org&quot; --algo kmp -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m string --string &quot;boards.4chan.org&quot; --algo kmp -j REJECT --reject-with icmp-port-unreachable

This is a very nice trick for a Linux user.

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

John Cartwright on The Stalker 2 dev build has leaked on the Internet.June 14, 2024
Here is a Stalker 2 Repack. magnet:?xt=urn:btih:cwjz3l4nzfhiwe7jdhcemu7j7qnypmay&dn=STALKER2%20Repack%20By%20VTSS&xl=171719420896&fc=111
David on The Stalker 2 dev build has leaked on the Internet.May 26, 2024
Hello, do you have buld 5b915c12? link: https://btdig.com/63567989c3d13b1faf5c249e5b38af17101a1b82 I'm trying to download it but it seems to be offline. If…
ChatGPT Online on How to enable Developer mode in ChatGPT and get better prompt results.May 10, 2024
Great tutorial on enabling developer mode in ChatGPT! I appreciate the detailed instructions provided. This has really helped me improve…
John Cartwright on Finding password files and other information online using Google Dorks.April 30, 2024
S3 bucket find Using Google Dorks 🌍 Here are a couple of examples: site:http://amazonaws.com inurl:". s3.amazonaws.com/" site:http://s3.amazonaws.com intitle:index.
Glavinas Vaszilis on Install the Youtube Red app on Ubuntu and watch Youtube videos.April 28, 2024
how to run the command?
Random Guy on How to get a list of all YouTube videos on a channel with yt-dlp.January 13, 2024
Oh WordPress ruined the command formatting. I think you can figure this out.
Random Guy on How to get a list of all YouTube videos on a channel with yt-dlp.January 13, 2024
Both things can also be achieved with just yt-dlp. Print chapter titles: yt-dlp --print "%(chapters.:.title)#l" https://www.youtube.com/watch?v=o1jv509M8Zg Print 15 latest videos:…
slermcat on Another look at the NeXTSTEP source code.January 4, 2024
I used to administer a nextstep machine (color pizza slab, 24MB ram). Wrote display postscript demos and screensavers for it.…
slermcat on Amazing new shooter game that runs in awk.January 4, 2024
yeah good example of how simple raycasting a-la wolfenstein is i write fun stuf in bash but i'm less cool…
slermcat on How to get a nice waveform display with the MPV media player on Linux.January 4, 2024
mpv --config=no --audio-device=pulse/alsa_output.usb-0c76_USB_PnP_Audio_Device-00.analog-stereo --quiet --vo=tct --lavfi-complex='[aid1]asplit[ao][a1];[a1]showcqt[vo]' /media/sdc2/Projects/Music/NSF/amazingmusic/NSF_Archive/Chiptune_Artists/Originals/* showcqt ftw! thanks!
Sherfvip on The Stalker 2 dev build has leaked on the Internet.December 7, 2023
Hi.. does the launcher comes in english..also in game options not working Thank you