I'm on a simple linux proxy. I'd like to add iptable rules to drop all requests for a specific domain. I figured I run a dig command to get the ip addresses for the domain and then add an iptable rule for each one. It seems, however, that it doesn't work to bind to more than one ip address. So, it seems I need to add ip ranges like this…
iptables -I FORWARD -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j DROP
That seems to work. However, it has proven pretty problematic to parse the output of dig and correctly create the appropriate iptable rules. Is there a better way?
Best Answer
You can specify hostnames in
iptables
commands which will get resolved at rule-add time. Hostnames which resolve to multiple IPs are also supported, although they generate multiple rules.