
Re: can iptables distinguish difference between domains?



G'day,

From: "Shannon R." <shannon_mtbikes@yahoo.com>
[...]
> now re iptables capability. can it distinguish the
> difference between destinations like, e.g.,
> deb1.debian.org and deb2.debian.org even if both
> domains resolve to the same public ip address?

iptables only works on the ip level. There is no way to know what domain
name was used to reach a particular ip at that level. You can at the
protocol level, provided the protocol supports it (which http does, which is
how http virtual servers work).

This means what you want to do can only be done at the protocol level. This
usually requires a reverse proxy for the particular protocol you are using.
If you only want http, then Apache or squid will do it.

If you need to do this for many protocols, have a look at zorp. It is an
application level firewall with a fast C core, that can be extended in
Python. It has support for doing this kind of thing for a variety of
protocols, and can be easily extended if you have any special requirements.

----------------------------------------------------------------
Donovan Baarda                http://minkirri.apana.org.au/~abo/
----------------------------------------------------------------
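To make the IP-level versus protocol-level distinction concrete, here is an added Python example (not code from this thread or from any of the tools it names): it shows what a packet filter sees for a connection to a shared address, and then extracts the hostname from the HTTP request head the way a reverse proxy would, applying a constructed per-domain allowlist. The address 192.0.2.10 and the policy set are assumptions for the sample.

```python
from urllib.parse import urlsplit

# Constructed sample: both names resolve to this one address (hypothetical).
SHARED_IP = "192.0.2.10"
ALLOWED_HOSTS = {"deb1.debian.org"}  # hypothetical per-domain policy


def ip_level_view(dst_ip, dst_port):
    """Everything a packet filter like iptables gets to see: no hostname."""
    return {"dst": dst_ip, "port": dst_port, "hostname": None}


def http_host(request):
    """Return the target hostname of an HTTP/1.x request head, or None.

    The name can sit in an absolute-form request line (proxy style) or in
    the Host header; an HTTP/1.0 request may carry neither.  Port suffixes
    are stripped and the name lower-cased so policy lookups are stable.
    """
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None                      # malformed request line
    target = parts[1]
    if "://" in target:                  # absolute-form: GET http://host/path
        return urlsplit(target).hostname
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return urlsplit("//" + value.strip()).hostname
    return None


def decide(request):
    """Protocol-level decision a reverse proxy can make and iptables cannot."""
    host = http_host(request)
    if host is None:
        return "deny: no Host header"    # refuse rather than guess the vhost
    return "allow" if host in ALLOWED_HOSTS else "deny: " + host


if __name__ == "__main__":
    print(ip_level_view(SHARED_IP, 80))  # hostname is None at this layer
    for req in (b"GET / HTTP/1.1\r\nHost: deb1.debian.org\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: DEB2.debian.org:80\r\n\r\n",
                b"GET / HTTP/1.0\r\n\r\n"):
        print(decide(req))
```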
