
Re: Inserting new rule with wildcard



18.7.2011 12:02, Jari Fredriksson wrote:
> 18.7.2011 11:31, tower wrote:
>> Hi
>>
>> Is there any way to use an asterisk as a wildcard in an iptables rule?
>>
>> For example:
>>
>> iptables -I OUT_APACHE -d *.fbcdn.com -j ACCEPT
>> iptables v1.3.3: host/network `*.fbcdn.com' not found
>>
>> or
>>
>> iptables -I OUT_APACHE -d '*.fbcdn.com' -j ACCEPT
>> iptables v1.3.3: host/network `*fbcdn.com' not found
>>
>> or
>>
>> iptables -I OUT_APACHE -d "*.fbcdn.com" -j ACCEPT
>> iptables v1.3.3: host/network "*.fbcdn.com' not found
>>
>> returns error.
>>
>> Regards!
>>
> 
> iptables uses IP-addresses, but if you enter a DNS-name it tries to
> resolve it to an IP-address. You have to figure out somehow the
> netblock/mask for fbcdn.com and enter that.
> 
> 

$ host fbcdn.com
fbcdn.com has address 69.63.181.11
fbcdn.com has address 69.63.181.12
fbcdn.com has address 69.63.184.142
fbcdn.com has address 69.63.187.17
fbcdn.com has address 69.63.187.19

$ whois 69.63.181.11
Facebook, Inc. TFBNET2 (NET-69-63-176-0-1) 69.63.176.0 - 69.63.191.255

$ rangeToCidr 69.63.176.0 69.63.191.255
69.63.176.0/20

So, the value for iptables is 69.63.176.0/20

-- 

question = ( to ) ? be : ! be;
		-- Wm. Shakespeare
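
Added example, not part of the original message: the range-to-CIDR step from the reply above in Python, generalized to ranges that do not fit a single block, with a check that the addresses from the host output fall inside the result. The function names are assumptions made for this example; rangeToCidr on the page is the poster's own tool and is not reproduced here.

```python
import ipaddress

# Values copied from the host and whois output in the message above.
RESOLVED = ["69.63.181.11", "69.63.181.12", "69.63.184.142",
            "69.63.187.17", "69.63.187.19"]
WHOIS_RANGE = ("69.63.176.0", "69.63.191.255")


def range_to_cidrs(first, last):
    """Split an inclusive IPv4 range into the fewest aligned CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # Largest block the alignment of lo permits (its lowest set bit).
        size = lo & -lo if lo else 1 << 32
        # Shrink it until it no longer runs past the end of the range.
        while lo + size - 1 > hi:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks


def uncovered(addresses, blocks):
    """Return the addresses that none of the blocks contains."""
    return [a for a in addresses
            if not any(ipaddress.IPv4Address(a) in b for b in blocks)]


def accept_rules(chain, blocks):
    """Render one iptables command per block; nothing is executed."""
    return ["iptables -I {} -d {} -j ACCEPT".format(chain, b) for b in blocks]


if __name__ == "__main__":
    blocks = range_to_cidrs(*WHOIS_RANGE)
    missing = uncovered(RESOLVED, blocks)
    if missing:
        raise SystemExit("resolved addresses outside the range: %s" % missing)
    for rule in accept_rules("OUT_APACHE", blocks):
        print(rule)
```

A range that is not aligned on a power-of-two boundary yields several blocks, and therefore several rules.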
