18.7.2011 12:02, Jari Fredriksson wrote:
> 18.7.2011 11:31, tower wrote:
>> Hi
>>
>> Is there any way to use an asterisk as a wildcard in an iptables rule?
>>
>> For example:
>>
>> iptables -I OUT_APACHE -d *.fbcdn.com -j ACCEPT
>> iptables v1.3.3: host/network `*.fbcdn.com' not found
>>
>> or
>>
>> iptables -I OUT_APACHE -d '*.fbcdn.com' -j ACCEPT
>> iptables v1.3.3: host/network `*fbcdn.com' not found
>>
>> or
>>
>> iptables -I OUT_APACHE -d "*.fbcdn.com" -j ACCEPT
>> iptables v1.3.3: host/network "*.fbcdn.com' not found
>>
>> returns an error.
>>
>> Regards!
>>
>
> iptables uses IP-addresses, but if you enter a DNS-name it tries to
> resolve it to an IP-address. You have to figure out somehow the
> netblock/mask for fbcdn.com and enter that.
>
>
$ host fbcdn.com
fbcdn.com has address 69.63.181.11
fbcdn.com has address 69.63.181.12
fbcdn.com has address 69.63.184.142
fbcdn.com has address 69.63.187.17
fbcdn.com has address 69.63.187.19
$ whois 69.63.181.11
Facebook, Inc. TFBNET2 (NET-69-63-176-0-1) 69.63.176.0 - 69.63.191.255
$ rangeToCidr 69.63.176.0 69.63.191.255
69.63.176.0/20
So, the value for iptables is 69.63.176.0/20
--
question = ( to ) ? be : ! be;
-- Wm. Shakespeare
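
The range-to-CIDR step above, as an added example that is not part of the original message: a POSIX sh function that splits any inclusive IPv4 range reported by whois into the minimal set of CIDR blocks (a range is not always a single block) and prints the matching iptables rules without running them. The function names are made up for this example, OUT_APACHE is the chain from the question, and octets are assumed to have no leading zeros.

```shell
#!/bin/sh
# Added example: turn a whois range into CIDR blocks for iptables -d.

# Dotted quad -> integer. The body runs in a subshell so IFS does not leak.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidr FIRST LAST: print one CIDR block per line.
range_to_cidr() (
    start=$(ip_to_int "$1")
    end=$(ip_to_int "$2")
    while [ "$start" -le "$end" ]; do
        # Largest block aligned on the current start address ...
        size=$(( start & -start ))
        if [ "$size" -eq 0 ]; then size=$(( 1 << 32 )); fi
        # ... shrunk until it no longer runs past the end of the range.
        while [ "$size" -gt $(( end - start + 1 )) ]; do
            size=$(( size >> 1 ))
        done
        # Prefix length is 32 - log2(size).
        prefix=32
        s=$size
        while [ "$s" -gt 1 ]; do
            s=$(( s >> 1 ))
            prefix=$(( prefix - 1 ))
        done
        echo "$(int_to_ip "$start")/$prefix"
        start=$(( start + size ))
    done
)

# emit_rules CHAIN FIRST LAST: print (do not execute) one ACCEPT rule per block.
emit_rules() {
    range_to_cidr "$2" "$3" | while read -r cidr; do
        echo "iptables -I $1 -d $cidr -j ACCEPT"
    done
}

# The range from the whois output in this message.
emit_rules OUT_APACHE 69.63.176.0 69.63.191.255
```

A range that does not fall on a block boundary produces several rules, one per block.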

