18.7.2011 12:02, Jari Fredriksson wrote:
> 18.7.2011 11:31, tower wrote:
>> Hi
>>
>> Is there any way to use an asterisk as a wildcard in an iptables rule?
>>
>> For example:
>>
>> iptables -I OUT_APACHE -d *.fbcdn.com -j ACCEPT
>> iptables v1.3.3: host/network `*.fbcdn.com' not found
>>
>> or
>>
>> iptables -I OUT_APACHE -d '*.fbcdn.com' -j ACCEPT
>> iptables v1.3.3: host/network `*fbcdn.com' not found
>>
>> or
>>
>> iptables -I OUT_APACHE -d "*.fbcdn.com" -j ACCEPT
>> iptables v1.3.3: host/network "*.fbcdn.com' not found
>>
>> returns an error.
>>
>> Regards!
>>
>
> iptables uses IP-addresses, but if you enter a DNS-name it tries to
> resolve it to an IP-address. You have to figure out somehow the
> netblock/mask for fbcdn.com and enter that.
>

$ host fbcdn.com
fbcdn.com has address 69.63.181.11
fbcdn.com has address 69.63.181.12
fbcdn.com has address 69.63.184.142
fbcdn.com has address 69.63.187.17
fbcdn.com has address 69.63.187.19

$ whois 69.63.181.11
Facebook, Inc. TFBNET2 (NET-69-63-176-0-1) 69.63.176.0 - 69.63.191.255

$ rangeToCidr 69.63.176.0 69.63.191.255
69.63.176.0/20

So, the value for iptables is 69.63.176.0/20

-- 
question = ( to ) ? be : ! be;
        -- Wm. Shakespeare
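The range-to-CIDR step from the reply above, as an added example that is not part of the original post: it converts the whois range to CIDR blocks with Python's standard `ipaddress` module, checks that every address returned by `host` falls inside them, and prints the resulting rules. The function names are hypothetical, and the sample values are copied from the post.

```python
import ipaddress

# Sample input taken from the host/whois output quoted in the post.
RESOLVED = ["69.63.181.11", "69.63.181.12", "69.63.184.142",
            "69.63.187.17", "69.63.187.19"]
WHOIS_RANGE = "69.63.176.0 - 69.63.191.255"


def range_to_cidrs(whois_range):
    """Turn a whois 'first - last' range into the minimal list of CIDR blocks."""
    first, last = (ipaddress.ip_address(part.strip())
                   for part in whois_range.split("-"))
    if first.version != last.version or first > last:
        raise ValueError("invalid range: %r" % whois_range)
    # A range that is not aligned on a prefix boundary yields several blocks.
    return list(ipaddress.summarize_address_range(first, last))


def uncovered(addresses, networks):
    """Return the resolved addresses that none of the networks contains."""
    return [addr for addr in addresses
            if not any(ipaddress.ip_address(addr) in net for net in networks)]


def build_rules(whois_range, addresses, chain="OUT_APACHE"):
    """Build one ACCEPT rule per CIDR block, refusing to emit a partial set."""
    networks = range_to_cidrs(whois_range)
    missing = uncovered(addresses, networks)
    if missing:
        # Some resolved address belongs to another netblock: look it up too.
        raise ValueError("addresses outside the range: %s" % ", ".join(missing))
    return ["iptables -I %s -d %s -j ACCEPT" % (chain, net) for net in networks]


if __name__ == "__main__":
    for rule in build_rules(WHOIS_RANGE, RESOLVED):
        print(rule)
```

iptables resolves a host name once, when the rule is inserted, so the `host` and `whois` lookups have to be repeated if the service moves to addresses outside this block.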