On Sun, March 11, 2018 7:09 am, Leon Fauster wrote:
> Am 11.03.2018 um 11:53 schrieb Nicolas Kovacs <i...@microlinux.fr>:
>> I've experimented some more, and I have a partial success. Here, I'm
>> redirecting all HTTPS traffic *except* the one that goes to my bank:
>> iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d
>> www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129
>> This works because my bank is hosted on a single IP. As soon as I
>> replace that with a domain that's hosted on multiple IP's, I get this:
>> iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d www.google.com
>> --dport 443 -j REDIRECT --to-port 3129
> May I ask, after all it doesn't work with google.com, right?
I would also like to add: it is a bad practice IMHO to give preference to
some particular search engine, unless it is single user personal machine.
Many people prefer different search engines (duckduckgo.com just to
mention one), some specifically avoid google.
>> # firewall.sh
>> iptables v1.4.21: ! not allowed with multiple source or destination IP
>> So my question is: how can I write an iptables rule (or series of rules)
>> that redirect all traffic to my proxy, *except* the one going to
>> <list_of_domains> ?
> It is not a good practice to place domain names into iptables rules.
> a custom table, place this table into your rule list (to stick at the
> place) and feed that table with the resolved domain names. This can be
> while running in the case of changes (check resolving results
> CentOS mailing list
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
CentOS mailing list