
#1 2011-03-13 00:45:11

sironitomas
Member
From: Cordoba, Argentina
Registered: 2009-11-28
Posts: 174

[SOLVED] URL filtering with iptables?

Hi, I'm here again. I've searched everywhere but I can't find consistent information about this. I'm currently sharing internet to a second machine using the typical Internet Share.

I want to block some URLs for the second computer using iptables, because I think it's the appropriate tool to do this. I have followed instructions on a few sites but none of them works. The most common lines are:

iptables -A INPUT -s facebook.com -j DROP
iptables -A OUTPUT -d facebook.com -j DROP

Lamentably, the second PC can still use facebook.com, and I don't know how to make iptables work.

Do you have any idea or recommendation?

Thanks!

Last edited by sironitomas (2011-03-14 23:43:17)


#2 2011-03-13 01:24:00

hexanol
Member
From: Canaduh
Registered: 2009-08-04
Posts: 95

Re: [SOLVED] URL filtering with iptables?

I believe it's not possible to do such filtering with iptables, at least as far as I know, especially for a large site like Facebook, which has a lot of different servers with different IP addresses.

What you really want in this case is an HTTP proxy, like squid or privoxy (although I only have experience with squid, and "experience" is kind of a big word). And then, you'll want to use iptables to make sure every HTTP request is passing through your proxy.


#3 2011-03-13 02:46:33

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: [SOLVED] URL filtering with iptables?

You can use iptables to transparently redirect traffic to a running service to filter based on url, like dansguardian or the already mentioned squid or privoxy (i am sure there are other proxies as well).

DuckDuckGo search results: https://duckduckgo.com/?q=transparent+d … n+iptables


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍


#4 2011-03-13 07:16:01

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: [SOLVED] URL filtering with iptables?

The reason you can't use iptables to block a URL is that iptables works at OSI Layer 3/4. It only deals with IP addresses, port numbers, protocol (TCP/UDP etc., not HTTP, FTP) and so on.

The URL is above that, so iptables never gets to 'see' the URL, only the IP Address that it resolves to. If you look at the rule you created in your test (iptables -nvL), you'll see only 1 IP Address was added as a rule.

So, you either need to block ALL the IP addresses used by Facebook and its Content Delivery Network (CDN), which is near impossible since they constantly change, or use a filtering proxy as mentioned by others.

Ref: http://en.wikipedia.org/wiki/OSI_model


#5 2011-03-13 21:15:07

sironitomas
Member
From: Cordoba, Argentina
Registered: 2009-11-28
Posts: 174

Re: [SOLVED] URL filtering with iptables?

Thanks for the answers. I suspected Facebook has more than one IP, which makes it kind of impossible to use iptables to block it.

@fukawi2: your explanation of the OSI layers was very useful!

As you all said, I'll have to use a proxy, and I'll try squid. My question is: Is it possible to use squid just for filtering and not caching? What is the line in /etc/squid/squid.conf to do such blocking? I tried to find that in the config file but it's too big!

Last edited by sironitomas (2011-03-13 21:17:01)


#6 2011-03-13 23:39:38

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: [SOLVED] URL filtering with iptables?

This is what I use to block sites:

# Blacklisted sites; they're crap and we don't want them
acl blacklisted_sites dstdomain wer.microsoft.com
acl blacklisted_sites dstdomain social.microsoft.com
acl blacklisted_sites dstdomain stats.update.microsoft.com

http_access deny blacklisted_sites

And to bypass the cache:

acl cache_bypass_domains dstdomain example.com
no_cache deny cache_bypass_domains
always_direct allow cache_bypass_domains

EDIT: To block Facebook, there are 2 domains you need to deny access to:
facebook.com
fbcdn.net

Last edited by fukawi2 (2011-03-13 23:40:29)

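The following is an added example in Python, not code from the thread or from the iptables/Squid projects. It models the two points made above: a Layer 3/4 rule given a hostname stores only the addresses the name resolved to when the rule was created, so a CDN-fronted site served from a changing address pool slips past it, whereas an HTTP proxy reads the Host header and can match Squid's dstdomain ACL against it. The address table, the request samples and the ACL list are constructed for the demonstration (the addresses are from documentation ranges, not real Facebook infrastructure), and the function names are this example's own.

```python
"""Added example, not from the thread: why a Layer 3/4 rule cannot block a
site by name, and what a Layer 7 proxy ACL (Squid's dstdomain) matches instead.

All data below is constructed for the demonstration; the addresses are
documentation ranges, not real Facebook infrastructure.
"""
import re

# Constructed: successive answers a resolver might give for one CDN-fronted
# name. iptables resolves the name when the rule is added and never again.
DNS_ANSWERS = {
    "at rule creation": {"facebook.com": ["192.0.2.10", "192.0.2.11"]},
    "when the client connects": {"facebook.com": ["192.0.2.12"]},
}


def build_l3_rules(hostnames, resolver):
    """Mimic `iptables -A FORWARD -d <name> -j DROP`: the hostname is expanded
    to whatever addresses the resolver returns *now*, and only those addresses
    are stored. The name itself never reaches the kernel."""
    rules = set()
    for name in hostnames:
        rules.update(resolver.get(name, []))
    return rules


def l3_blocks(rules, dst_ip):
    """A FORWARD rule sees only the packet's destination address."""
    return dst_ip in rules


HOST_RE = re.compile(rb"^Host:[ \t]*([^\r\n]+)", re.IGNORECASE | re.MULTILINE)
HOSTPORT_RE = re.compile(r"^(\[[^\]]*\]|[^:]+)(?::\d+)?$")


def host_from_request(raw):
    """Pull the target hostname out of an HTTP/1.x request: this is what a
    proxy sees and a packet filter does not. Returns None when there is no
    Host header (e.g. an HTTP/1.0 client). Case and a trailing :port are
    dropped before matching, as Squid does."""
    m = HOST_RE.search(raw)
    if not m:
        return None
    host = m.group(1).strip().decode("ascii", "replace").lower()
    hm = HOSTPORT_RE.match(host)
    return hm.group(1) if hm else host


class DstDomainACL:
    """Squid `acl NAME dstdomain ...` semantics: a pattern with a leading dot
    matches that domain and every subdomain; a bare name matches only that
    exact hostname (so `dstdomain facebook.com` does not catch
    www.facebook.com, but `.facebook.com` does)."""

    def __init__(self, name, patterns):
        self.name = name
        self.patterns = [p.lower() for p in patterns]

    def matches(self, host):
        if host is None:
            return False
        for p in self.patterns:
            if p.startswith("."):
                if host == p[1:] or host.endswith(p):
                    return True
            elif host == p:
                return True
        return False


def http_access(raw_request, deny_acls):
    """`http_access deny <acl>` for each ACL in order; a final allow stands in
    for the rest of a real squid.conf. Returns ("deny", acl_name) or
    ("allow", None)."""
    host = host_from_request(raw_request)
    for acl in deny_acls:
        if acl.matches(host):
            return ("deny", acl.name)
    return ("allow", None)


# The two domains named in the thread, written with the leading dot so that
# subdomains (www., static.ak., ...) are covered.
BLACKLIST = DstDomainACL("blacklisted_sites", [".facebook.com", ".fbcdn.net"])

# Constructed sample requests, as the proxy would receive them.
REQ_FB = b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: x\r\n\r\n"
REQ_CDN = b"GET /a.jpg HTTP/1.1\r\nHost: static.ak.fbcdn.net:80\r\n\r\n"
REQ_OK = b"GET / HTTP/1.1\r\nHost: www.archlinux.org\r\n\r\n"

if __name__ == "__main__":
    rules = build_l3_rules(["facebook.com"], DNS_ANSWERS["at rule creation"])
    later = DNS_ANSWERS["when the client connects"]["facebook.com"][0]
    print("L3 rule holds", sorted(rules), "- blocks", later, "?", l3_blocks(rules, later))
    for req in (REQ_FB, REQ_CDN, REQ_OK):
        print(host_from_request(req), http_access(req, [BLACKLIST]))
```

Two things worth checking when you copy the config above into a real squid.conf: Squid's `dstdomain facebook.com` without a leading dot matches only that exact hostname, so use `.facebook.com` and `.fbcdn.net` to cover www.facebook.com and the CDN hostnames; and an intercepting proxy fed by an iptables REDIRECT of TCP port 80 only ever sees plain HTTP, so anything the client fetches over HTTPS (port 443) is never matched by these ACLs.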

#7 2011-03-14 23:42:43

sironitomas
Member
From: Cordoba, Argentina
Registered: 2009-11-28
Posts: 174

Re: [SOLVED] URL filtering with iptables?

@fukawi2 Thank you. I'll try those lines when I have time.

Regards!

