> On Fri, Mar 22, 2002 at 01:40:49PM +0100, LuisMi wrote:
> > Hi, I want to reject a traffic from a domain, and I wanted to know how is
> > possible to do that, will be correct if I write...
> >
> > iptables -A blacklisted -i eth0 -s .aureate.com -j DROP ????
>
> Sorry, that's not really possible. You can operate on a netblock basis
> (192.168.0.0/16, say, for everything from 192.168.0.0 to
> 192.168.255.255), but the kernel doesn't deal with DNS names at all,
> only IP addresses. If you know that everything you want to allow to
> access that system will be within a particular IP block, then using mask
> notation (as above) would be your best bet.

It works for me, well, the other way around. I've blocked everything from dmz to the internet, except http access to www.trustix.net, which I allow to upgrade my system (swup --upgrade). Works like a charm, and I can't visit other http sites from the dmz.

/christopher thorjussen
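
Both messages are consistent: the iptables command resolves a full hostname once, in userspace, when the rule is added, and the kernel only ever holds the resulting addresses, so the rule silently goes stale when DNS changes. The script below is an added example, not part of either message: it compares the destination addresses in a chain against the host's current A records. The chain name `dmz-out` and all addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: detect drift between hostname-derived iptables rules and DNS.
# Inputs are passed as text so the check runs offline on the constructed data.

# rule_ips CHAIN: read `iptables -S` output on stdin and print the -d
# addresses of rules appended to CHAIN, one per line, sorted and unique.
rule_ips() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            for (i = 3; i < NF; i++)
                if ($i == "-d") { ip = $(i + 1); sub(/\/32$/, "", ip); print ip }
        }' | sort -u
}

# dns_drift CHAIN RULES_TEXT DNS_ADDRS
# Prints "STALE <ip>" for addresses still in the chain but no longer in DNS,
# and "MISSING <ip>" for addresses DNS now returns that the chain lacks.
dns_drift() {
    have=$(printf '%s\n' "$2" | rule_ips "$1")
    want=$(printf '%s\n' "$3" | sort -u)
    for ip in $have; do
        printf '%s\n' "$want" | grep -qxF "$ip" || echo "STALE $ip"
    done
    for ip in $want; do
        printf '%s\n' "$have" | grep -qxF "$ip" || echo "MISSING $ip"
    done
}

# Constructed sample: the chain as it looked when the rule was added by name.
SAMPLE_RULES='-N dmz-out
-A dmz-out -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A dmz-out -d 198.51.100.7/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A dmz-out -j DROP'

# Constructed sample: what the hostname resolves to today.
SAMPLE_DNS='192.0.2.10
203.0.113.5'

dns_drift dmz-out "$SAMPLE_RULES" "$SAMPLE_DNS"

# Live use on a glibc system (assumed chain name):
#   dns_drift dmz-out "$(iptables -S dmz-out)" \
#       "$(getent ahostsv4 www.trustix.net | awk '{print $1}')"
```

A STALE line means the firewall still allows an address the host no longer uses; a MISSING line means the upgrade traffic to the new address will be dropped until the rule is re-added.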
