Monday, July 18, 2011

Re: Inserting new rule with wildcard

18.7.2011 12:02, Jari Fredriksson kirjoitti:
> 18.7.2011 11:31, tower kirjoitti:
>> Hi
>>
>> Is there any way to use an asterisk as a wildcard in an iptables rule?
>>
>> For example:
>>
>> iptables -I OUT_APACHE -d *.fbcdn.com -j ACCEPT
>> iptables v1.3.3: host/network `*.fbcdn.com' not found
>>
>> or
>>
>> iptables -I OUT_APACHE -d '*.fbcdn.com' -j ACCEPT
>> iptables v1.3.3: host/network `*fbcdn.com' not found
>>
>> or
>>
>> iptables -I OUT_APACHE -d "*.fbcdn.com" -j ACCEPT
>> iptables v1.3.3: host/network "*.fbcdn.com' not found
>>
>> returns error.
>>
>> Regards!
>>
>
> iptables uses IP-addresses, but if you enter a DNS-name it tries to
> resolve it to an IP-address. You have to figure out somehow the
> netblock/mask for fbcdn.com and enter that.
>
>

$ host fbcdn.com
fbcdn.com has address 69.63.181.11
fbcdn.com has address 69.63.181.12
fbcdn.com has address 69.63.184.142
fbcdn.com has address 69.63.187.17
fbcdn.com has address 69.63.187.19

$ whois 69.63.181.11
Facebook, Inc. TFBNET2 (NET-69-63-176-0-1) 69.63.176.0 - 69.63.191.255

$ rangeToCidr 69.63.176.0 69.63.191.255
69.63.176.0/20

So, the value for iptables is 69.63.176.0/20

--

question = ( to ) ? be : ! be;
-- Wm. Shakespeare
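
The range-to-CIDR step from the reply above, as an added example that is not part of the original post: it uses Python's standard `ipaddress` module in place of the poster's `rangeToCidr`, checks that every address `host` returned falls inside the whois range, and also handles ranges that need more than one block. The function names and the unaligned sample range are constructed for illustration.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(lo, hi))


def uncovered(addresses, cidrs):
    """Addresses (e.g. from `host`) that none of the CIDR blocks contain."""
    return [a for a in addresses
            if not any(ipaddress.IPv4Address(a) in net for net in cidrs)]


def iptables_rules(chain, cidrs, target="ACCEPT"):
    """Build one -d rule per CIDR block, in the form used in the thread."""
    return [f"iptables -I {chain} -d {net} -j {target}" for net in cidrs]


# Values taken from the post above.
WHOIS_RANGE = ("69.63.176.0", "69.63.191.255")
RESOLVED = ["69.63.181.11", "69.63.181.12", "69.63.184.142",
            "69.63.187.17", "69.63.187.19"]

if __name__ == "__main__":
    cidrs = range_to_cidrs(*WHOIS_RANGE)
    # Refuse to emit rules if DNS returned something outside the whois block.
    missing = uncovered(RESOLVED, cidrs)
    if missing:
        raise SystemExit(f"not covered by whois range: {missing}")
    for rule in iptables_rules("OUT_APACHE", cidrs):
        print(rule)
    # Constructed unaligned range: it cannot be written as a single block.
    for net in range_to_cidrs("192.0.2.5", "192.0.2.18"):
        print(net)
```
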
