1. Home
  2. Linux systems
  3. Linux security

Recipe 2.8 Blocking Access to a Remote Host

2.8.1 Problem

You want to block outgoing traffic to a particular host.

2.8.2 Solution

To block all access:

For iptables:

# iptables -A OUTPUT -d remote_IP_address -j REJECT

For ipchains:

# ipchains -A output -d remote_IP_address -j REJECT

To block a particular service, such as a remote web site:

For iptables:

# iptables -A OUTPUT -p tcp -d remote_IP_address --dport www -j REJECT

For ipchains:

# ipchains -A output -p tcp -d remote_IP_address --dport www -j REJECT

2.8.3 Discussion

Perhaps you've discovered that a particular web site has malicious content on it, such as a trojan horse. This recipe will prevent all of your users from accessing that site. (We don't consider "redirector" web sites, such as http://www.anonymizer.com, which would get around this restriction.)

2.8.4 See Also

iptables(8), ipchains(8).



    		Preface
    		Chapter 1. System Snapshots with Tripwire
    		Chapter 2. Firewalls with iptables and ipchains
    		Recipe 2.1 Enabling Source Address Verification
    		Recipe 2.2 Blocking Spoofed Addresses
    		Recipe 2.3 Blocking All Network Traffic
    		Recipe 2.4 Blocking Incoming Traffic
    		Recipe 2.5 Blocking Outgoing Traffic
    		Recipe 2.6 Blocking Incoming Service Requests
    		Recipe 2.7 Blocking Access from a Remote Host
    		Recipe 2.8 Blocking Access to a Remote Host
    		Recipe 2.9 Blocking Outgoing Access to All Web Servers on a Network
    		Recipe 2.10 Blocking Remote Access, but Permitting Local
    		Recipe 2.11 Controlling Access by MAC Address
    		Recipe 2.12 Permitting SSH Access Only
    		Recipe 2.13 Prohibiting Outgoing Telnet Connections
    		Recipe 2.14 Protecting a Dedicated Server
    		Recipe 2.15 Preventing pings
    		Recipe 2.16 Listing Your Firewall Rules
    		Recipe 2.17 Deleting Firewall Rules
    		Recipe 2.18 Inserting Firewall Rules
    		Recipe 2.19 Saving a Firewall Configuration
    		Recipe 2.20 Loading a Firewall Configuration
    		Recipe 2.21 Testing a Firewall Configuration
    		Recipe 2.22 Building Complex Rule Trees
    		Recipe 2.23 Logging Simplified
    		Chapter 3. Network Access Control
    		Chapter 4. Authentication Techniques and Infrastructures
    		Chapter 5. Authorization Controls
    		Chapter 6. Protecting Outgoing Network Connections
    		Chapter 7. Protecting Files
    		Chapter 8. Protecting Email
    		Chapter 9. Testing and Monitoring
    		Colophon