Firewall Wizards mailing list archives

Re: ip range with iptables


From: "Martin A. Brown" <mabrown-firewall-wizards () securepipe com>
Date: Fri, 18 Apr 2003 14:53:52 -0500 (CDT)

Hallo,

 : I am trying to block Yahoo Messenger for my LAN, but only on a certain IP
 : range. How can I do this? I already read some articles saying that we can't
 : do this with iptables, but is there any other way to work around this task?
 :
 : One more thing: I managed to figure out the Yahoo Messenger servers; instead
 : of blocking each IP address for it, I block the main servers,

Check the iptables tutorial:

  http://iptables-tutorial.frozentux.net/iptables-tutorial.html

# POLICY=REJECT     # -- if you want to return an ICMP to the client
POLICY=DROP         # -- or not; just throw it in the garbage

for yahoo in 216.136.130.46 216.136.233.130 216.136.224.142 $OTHERS ; do
  iptables -t filter -I FORWARD -d $yahoo -j $POLICY
done

And/or you could do this via the routing table.

# ip route add prohibit 216.136.175.132
# ip route add prohibit 216.136.224.213

  http://linux-ip.net/html/routing-tables.html#routing-table-entries

But, of course, you'll have to continually update your entries for yahoo's
login servers.  Oy!

Good luck,

-Martin

$ host scs-fooa.yahoo.com
scs-fooa.yahoo.com has address 216.136.130.46
scs-fooa.yahoo.com has address 216.136.233.130
scs-fooa.yahoo.com has address 216.136.224.142
scs-fooa.yahoo.com has address 216.136.224.143
scs-fooa.yahoo.com has address 66.163.173.76
scs-fooa.yahoo.com has address 66.163.168.105
scs-fooa.yahoo.com has address 216.136.233.129
scs-fooa.yahoo.com has address 216.136.224.213
scs-fooa.yahoo.com has address 216.136.175.132

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown () securepipe com
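
An added example, not part of the original message: a sketch that turns `host` output into rules applying only to one LAN source range (via the iptables `iprange` match) and rebuilds a dedicated chain on each run so the address list can be refreshed. The chain name `YMSG_BLOCK`, the function names and the source range 192.168.1.50-192.168.1.99 are assumptions; the script prints commands for review rather than running them.

```shell
#!/bin/sh
# Added example: print (do not run) iptables commands that block a set of
# destinations only for one range of LAN source addresses.
CHAIN=YMSG_BLOCK   # hypothetical chain name (assumption)

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# gen_rules FIRST LAST [POLICY]: read `host` output on stdin, print commands.
gen_rules() {
  first=$1 last=$2 policy=${3:-DROP}
  is_ipv4 "$first" && is_ipv4 "$last" || { echo "bad source range" >&2; return 2; }
  case $policy in DROP|REJECT) ;; *) echo "bad policy" >&2; return 2 ;; esac
  # Create the chain, or flush it if present, so stale addresses disappear.
  echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
  # Last field of each "has address" line, de-duplicated and validated.
  awk '/ has address /{print $NF}' | sort -u | while read -r addr; do
    is_ipv4 "$addr" || continue
    echo "iptables -A $CHAIN -d $addr -j $policy"
  done
  # A single jump rule restricts the whole chain to the chosen source range.
  jump="FORWARD -m iprange --src-range $first-$last -j $CHAIN"
  echo "iptables -C $jump 2>/dev/null || iptables -I $jump"
}

# Constructed sample: three addresses from the post, one repeated, plus one
# invalid line to show that malformed resolver output is skipped.
sample_host_output() {
  cat <<'EOF'
scs-fooa.yahoo.com has address 216.136.130.46
scs-fooa.yahoo.com has address 216.136.233.130
scs-fooa.yahoo.com has address 216.136.224.142
scs-fooa.yahoo.com has address 216.136.130.46
scs-fooa.yahoo.com has address 999.1.1.1
EOF
}

# 192.168.1.50-192.168.1.99 is an assumed LAN range, not one from the post.
sample_host_output | gen_rules 192.168.1.50 192.168.1.99 DROP
```

Feeding it live `host` output from a scheduled job and piping the reviewed result to `sh` as root keeps the chain current as the login servers change.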
