block network access to a domain (ubuntu)

1

I have a few ubuntu servers in various geographies. I want to block all outgoing connections from all ubuntu machines (all processes) to several domains, e.g. www.server.com. I know iptables can block an IP, but can it also block a domain? Is it slow (e.g. with constant DNS resolution)? Is it better to resolve the DNS myself one time and then configure iptables with the IP? I'm afraid the IP might change or be affected by geography, which is a problem for me.

Yaron Naveh

Posted 2014-06-26T08:35:01.223

Reputation: 253

Answers

4

If you only have a few servers, or the list is not going to change frequently, I'd recommend using /etc/hosts and adding the domains there, like this:

127.0.0.1 server.com
127.0.0.1 server2.com
127.0.0.1 server3.com

Of course, this wouldn't block a direct connection by IP - is that something you need to prevent too?

James

Posted 2014-06-26T08:35:01.223

Reputation: 206

Yes, I want to block every process trying to access server.com in any way (IP/domain) – Yaron Naveh – 2014-06-26T08:50:47.230

This would work to a certain degree; unless a process already knew the IP of the server they were contacting it would be found using the system's name resolution and resolve to 127.0.0.1. Of course, there are other ways to find the IP of a domain, but if you don't know the IPs of the servers you'd like to block (because they could change) you wouldn't know if any IP being contacted by any process was for a forbidden domain... It's a vicious circle, if you see what I mean! – James – 2014-06-26T08:54:53.347
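A script version of the "resolve the DNS myself and feed iptables" idea from the question, added here as an example rather than code from any answer on this page; it assumes iptables, getent, awk and sort are installed on the server, and the chain name BLOCKED_DOMAINS is my own choice. Because the rules sit in the OUTPUT chain they apply to every process whether it connects by name or by IP, which is the gap James points out with the /etc/hosts approach; re-running it from cron covers the concern that the addresses change.

```shell
#!/bin/sh
# Added example (not from the page): egress-block named domains with iptables.
# Assumes: iptables, getent, awk, sort present. CHAIN name is an assumption.

CHAIN=BLOCKED_DOMAINS

# True if the argument looks like a dotted-quad IPv4 address (guards against
# resolver noise or error text ending up inside an iptables command).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Resolve a domain to its current IPv4 addresses, one per line, deduplicated.
# iptables accepts "-d www.server.com" directly, but it resolves the name only
# once, when the rule is inserted, so a periodic refresh is needed either way.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Read addresses on stdin, emit one REJECT rule per unique valid address.
# REJECT (rather than DROP) lets clients fail fast instead of hanging.
rules_for_ips() {
    sort -u | while read -r ip; do
        is_ipv4 "$ip" || continue
        printf 'iptables -A %s -d %s -j REJECT --reject-with icmp-admin-prohibited\n' "$CHAIN" "$ip"
    done
}

# Emit the full command list for the given domains. A dedicated chain is
# flushed and rebuilt each run, so stale addresses disappear automatically.
build_rules() {
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$CHAIN" "$CHAIN"
    for d in "$@"; do resolve_v4 "$d"; done | rules_for_ips
    printf 'iptables -C OUTPUT -j %s 2>/dev/null || iptables -I OUTPUT -j %s\n' "$CHAIN" "$CHAIN"
}

# Usage (e.g. from cron every few minutes so new addresses are picked up):
#   ./block_domains.sh www.server.com server2.com | sh
if [ $# -gt 0 ]; then
    build_rules "$@"
fi
```

Review the generated commands once before piping them to sh; if the resolver returns nothing for a domain, no rule is emitted for it, so check the output rather than assuming the block is in place.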