Re: Iptables vhost

To: <debian-firewall@lists.debian.org>
Subject: Re: Iptables vhost
From: "Ben Pearson" <webmaster@kped.com.au>
Date: Wed, 17 Sep 2003 08:38:23 +1000
Message-id: <[🔎] 007101c37ca5$5579ce80$644d17cb@KPE>
References: <[🔎] 200309161210.25813.debian@masterpe.nl>

> Hi,
>
> Is it posebole with iptables to filter on a DNS name not a ip address?
>
> What i have is an x hosts / domain names and 1 ipadres.
>
> Lets take an example.
>
> Host              IP address
> Host.example1.com 192.168.1.2
> Host.example2.com 192.168.1.2
>
> And what i want to do is a packet that is for DNS name Host.example1.com
is to
> go to rule 1 and Host.example2.com is to go to rule 2.
>
> I hope it's clear becource my english is not that good.
>
> Greets,
>
> Master_PE
>
Generally, no because IPTables is a packet filtering firewall. To block
actual host names you need a proxy firewall like Squid. Squid is actually
really good for a business, because if you set up Squid right as a
transparent proxy you can stop people from visiting sites that they
shouldn't during work hours eg. porn.

HTH
Ben

Reply to:

References:
- Iptables vhost
  - From: Master_PE <debian@masterpe.nl>

Prev by Date: RE: Iptables vhost
Next by Date: Re: IPtables
Previous by thread: RE: Iptables vhost
Next by thread: deny outgoing ports with exception using narc
Index(es):
- Date
- Thread