  CapinPete Premium join:2002-12-23 Loxahatchee, FL | How to block OUTGOING access to an IP address
I want to block outgoing access to an IP address. Blocking access by domain name is simple enough; however, this is proving to be a lot more difficult. |
|
 PrntRhd
join:2004-11-03 Fairfield, CA | Need more info. What are you blocking the address from? Do you have a firewall? Router? |
|
  CapinPete Premium join:2002-12-23 Loxahatchee, FL
| My apologies. I do not use a software firewall and I prefer not to. I am behind a WRT54G running HyperWRT + tofu9.
I am not sure what you mean by "What am I blocking the address from"? My end goal is to prevent 2 things: 1) Users on my network circumventing the hosts file by using an IP address to access a website AND 2) Software from phoning home. A lot of software now uses an IP address over port 80 to phone home.
For obvious reasons I can't disable port 80. And since users/software can still use an IP address to access things I don't want them to, the only solution is to block access to that IP. |
|
  no__1__here Premium join:2003-10-13 Tomball, TX
| Use an iptables rule to block the outbound. I don't use HyperWRT so I don't know which groups they have defined, but basically you need a jump out of the FORWARD chain to a custom group where you list your stuff. An example:
```
# Populate your custom group, called Block_Outbound here
# use the IP in place of the FQDN used below
iptables -N Block_Outbound
iptables -A Block_Outbound -d www.cnn.com -j DROP
iptables -A Block_Outbound -d www.nytimes.com -j DROP

# Add a jump to FORWARD chain to check the above group
# Be sure to 'iptables -L FORWARD' to see which line you
# need to insert this before/after... assuming 4 here and a
# custom group name of Block_Outbound
iptables -I FORWARD 4 -j Block_Outbound
```
I'm sure this can be improved, but is given only as an example. :)
Add this to HyperWRT's firewall startup script. |
|
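An added example, not part of the thread or of HyperWRT: a POSIX shell generator for the kind of rule set described in the post above. It accepts only IPv4 literals and can be re-run without stacking duplicate jumps. The chain name comes from the post; the list format, the function names, the sample addresses and insertion at position 1 of FORWARD are assumptions.

```shell
#!/bin/sh
# Added example: print iptables commands that DROP forwarded traffic to listed IPs.
CHAIN=Block_Outbound        # chain name taken from the post above

# Accept only dotted-quad IPv4 literals. A hostname passed to -d is resolved
# once, when the rule is added, so names are rejected here.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

# Read one address per line on stdin ('#' starts a comment) and print the commands.
gen_block_rules() {
    # Create the chain, or empty it if it already exists.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    while read -r ip _rest; do
        case "$ip" in ""|"#"*) continue ;; esac
        if is_ipv4 "$ip"; then
            echo "iptables -A $CHAIN -d $ip -j DROP"
        else
            echo "skipped (not an IPv4 literal): $ip" >&2
        fi
    done
    # Remove any earlier jump, then insert at the top of FORWARD (assumption:
    # position 1, so the check runs before any ACCEPT rule already in the chain).
    echo "iptables -D FORWARD -j $CHAIN 2>/dev/null"
    echo "iptables -I FORWARD 1 -j $CHAIN"
}

# Constructed sample list (RFC 5737 documentation addresses plus two bad entries).
SAMPLE_LIST='# phone-home targets
192.0.2.10
198.51.100.7   # vendor update check
www.example.com
203.0.113.300'

print_sample_rules() { printf '%s\n' "$SAMPLE_LIST" | gen_block_rules; }

print_sample_rules   # review the output, then pipe it to sh on the router
```

The generator only prints commands, so the output can be inspected before it is piped to `sh` from the firewall startup script.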
  kw Premium join:2004-06-12 | reply to CapinPete Just add an entry to your HOSTS file. |
|
  GadgetsRme R.I.P. dadkins Premium join:2002-01-30 Canon City, CO | Hey God, read the OP's post again. Pay closer attn. to item 1. -- Gadgets |
|
  kw Premium join:2004-06-12
| Yes....and? You can just set the IP addy to forward somewhere else in the HOSTS file. For instance, you could forward Google.com (64.233.187.104) to localhost, then whenever you go to Google, it'll perform a DNS lookup to the above IP, then 404, because it'll attempt to load a page that is being served up on localhost instead. |
|
  GadgetsRme R.I.P. dadkins Premium join:2002-01-30 Canon City, CO
| But if, as the OP says, the IP # is being entered instead of a (www.-----.com) address, the Hosts file is bypassed and does not have any effect. The Hosts file will not change one IP # to another.
See this link for a more detailed explanation: »accs-net.com/hosts/what_is_hosts.html
Especially note the restrictions section on the second page. -- Gadgets |
|