Discussion:
Inserting new rule with wildcard
tower
2011-07-18 08:31:12 UTC
Hi

Is there any way of using an asterisk as a wildcard in an iptables rule?

For example:

iptables -I OUT_APACHE -d *.fbcdn.com -j ACCEPT
iptables v1.3.3: host/network `*.fbcdn.com' not found

or

iptables -I OUT_APACHE -d '*.fbcdn.com' -j ACCEPT
iptables v1.3.3: host/network `*fbcdn.com' not found

or

iptables -I OUT_APACHE -d "*.fbcdn.com" -j ACCEPT
iptables v1.3.3: host/network "*.fbcdn.com' not found

returns error.

Regards!
Jari Fredriksson
2011-07-18 09:02:25 UTC
Post by tower
Hi
Is there any way of using an asterisk as a wildcard in an iptables rule?
iptables -I OUT_APACHE -d *.fbcdn.com -j ACCEPT
iptables v1.3.3: host/network `*.fbcdn.com' not found
or
iptables -I OUT_APACHE -d '*.fbcdn.com' -j ACCEPT
iptables v1.3.3: host/network `*fbcdn.com' not found
or
iptables -I OUT_APACHE -d "*.fbcdn.com" -j ACCEPT
iptables v1.3.3: host/network "*.fbcdn.com' not found
returns error.
Regards!
iptables uses IP-addresses, but if you enter a DNS-name it tries to
resolve it to an IP-address. You have to figure out somehow the
netblock/mask for fbcdn.com and enter that.
--
Q: How do you stop an elephant from charging?
A: Take away his credit cards.
Jari Fredriksson
2011-07-18 10:44:24 UTC
Post by Jari Fredriksson
Post by tower
Hi
Is there any way of using an asterisk as a wildcard in an iptables rule?
iptables -I OUT_APACHE -d *.fbcdn.com -j ACCEPT
iptables v1.3.3: host/network `*.fbcdn.com' not found
or
iptables -I OUT_APACHE -d '*.fbcdn.com' -j ACCEPT
iptables v1.3.3: host/network `*fbcdn.com' not found
or
iptables -I OUT_APACHE -d "*.fbcdn.com" -j ACCEPT
iptables v1.3.3: host/network "*.fbcdn.com' not found
returns error.
Regards!
iptables uses IP-addresses, but if you enter a DNS-name it tries to
resolve it to an IP-address. You have to figure out somehow the
netblock/mask for fbcdn.com and enter that.
$ host fbcdn.com
fbcdn.com has address 69.63.181.11
fbcdn.com has address 69.63.181.12
fbcdn.com has address 69.63.184.142
fbcdn.com has address 69.63.187.17
fbcdn.com has address 69.63.187.19

$ whois 69.63.181.11
Facebook, Inc. TFBNET2 (NET-69-63-176-0-1) 69.63.176.0 - 69.63.191.255

$ rangeToCidr 69.63.176.0 69.63.191.255
69.63.176.0/20

So, the value for iptables is 69.63.176.0/20
--
question = ( to ) ? be : ! be;
-- Wm. Shakespeare
Armin Kneip
2011-07-18 10:57:27 UTC
Hi,
Post by Jari Fredriksson
So, the value for iptables is 69.63.176.0/20
Facebook has more addresses:

66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22


Regards,

Armin Kneip
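The range-to-CIDR step from Jari's reply and the netblock list from Armin's, as an added example that is not part of this thread: `range_to_cidr` does the job of the `rangeToCidr` helper above (the general algorithm, so it also splits a range that is not one aligned block), `iptables_rules` renders one `-d` rule per netblock, and `uncovered` checks whether addresses you have resolved or seen in logs still fall inside the allowed blocks, which matters because a hostname given to `-d` is resolved only once, when the rule is inserted. Function names and the 192.0.2.5 sample address are constructed for this example.

```python
import ipaddress


def range_to_cidr(first, last):
    """Split an inclusive IPv4 range into the minimal list of CIDR blocks.
    At each step take the largest block that starts at `cur`, is aligned
    to its own size, and does not run past `last`."""
    cur = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if cur > end:
        raise ValueError("range start is after range end")
    blocks = []
    while cur <= end:
        prefix = 32
        # widen the block while it stays aligned and inside the range
        while prefix > 0:
            size = 1 << (32 - (prefix - 1))
            if cur % size != 0 or cur + size - 1 > end:
                break
            prefix -= 1
        blocks.append(f"{ipaddress.IPv4Address(cur)}/{prefix}")
        cur += 1 << (32 - prefix)
    return blocks


def iptables_rules(chain, netblocks, target="ACCEPT"):
    """Render one -d rule per netblock; -I inserts at the top of the chain,
    as in the thread. IPv4Network() rejects a block whose host bits are set,
    so a mistyped netblock fails here instead of silently matching less."""
    return [f"iptables -I {chain} -d {ipaddress.IPv4Network(n)} -j {target}"
            for n in netblocks]


def uncovered(addresses, netblocks):
    """Return the addresses that none of the netblocks contains. Anything
    listed here means the allowlist is stale (the CDN moved) or the whois
    range was read wrong, so the rule would no longer match that traffic."""
    nets = [ipaddress.IPv4Network(n) for n in netblocks]
    return [a for a in addresses
            if not any(ipaddress.IPv4Address(a) in n for n in nets)]


if __name__ == "__main__":
    # Whois range and netblocks quoted in the thread; 192.0.2.5 is a
    # constructed address that should be reported as uncovered.
    print(range_to_cidr("69.63.176.0", "69.63.191.255"))
    blocks = ["66.220.144.0/20", "69.63.176.0/20", "69.171.224.0/19", "74.119.76.0/22"]
    print("\n".join(iptables_rules("OUT_APACHE", blocks)))
    print(uncovered(["69.63.181.11", "69.63.184.142", "192.0.2.5"], blocks))
```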
Francois BAYART
2011-07-18 12:11:25 UTC
Post by Armin Kneip
Post by Jari Fredriksson
So, the value for iptables is 69.63.176.0/20
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
Best way: create a fake domain "facebook.com" (and add the other Facebook aliases) in your internal DNS server.


/Francois
