The main task is to block all connections, including outgoing ones, except for one specified IP and a few sites (ru.archive.ubuntu.com, api.vk.com, discord.com).

I can manage the first part, but I have not been able to allow access to the specific sites for several days now; I hope for your help.

What I tried:

  1. Allow access to a specific IP of the site (iptables -A OUTPUT -d IP -j ACCEPT).
  2. Allow access along the chain host -t a SITE -> whois IP.
  3. Try to allow access by domain (iptables -A OUTPUT -d DOMAIN -j ACCEPT, which iptables didn't).

Commands used:

# flush all rules and delete user-defined chains
iptables -F
iptables -X
# default policy: drop everything in every direction
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# keep loopback working
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# allow traffic between this server and the one permitted peer
iptables -A INPUT -s xx.xx.xx.xx -d "$SERVERIP" -j ACCEPT
iptables -A OUTPUT -s "$SERVERIP" -d xx.xx.xx.xx -j ACCEPT
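An added example, not from the question or any reply, showing how the ruleset above can be extended to the named sites: each domain is resolved to its current IPv4 addresses when the rules are built, and the script also adds the conntrack and DNS rules the posted commands lack (without them, replies to the allowed connections are dropped on INPUT, and a hostname in -d cannot be resolved at all). SERVERIP, ALLOWED_IP and DNS_SERVER are placeholder values; the script prints the iptables commands rather than running them so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not the poster's code): print an egress-restricting ruleset
# that admits one peer IP and the HTTP/HTTPS addresses of a few domains.
# All addresses are placeholders from the RFC 5737 documentation ranges.
SERVERIP="${SERVERIP:-192.0.2.10}"        # this host
ALLOWED_IP="${ALLOWED_IP:-198.51.100.7}"  # the "xx.xx.xx.xx" of the question
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"    # the resolver from /etc/resolv.conf
DOMAINS="ru.archive.ubuntu.com api.vk.com discord.com"

# Current IPv4 addresses of a name, one per line (empty if it does not resolve).
resolve_ipv4() {
  getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u
}
RESOLVER="${RESOLVER:-resolve_ipv4}"   # can be replaced by a stub for offline use

build_rules() {
  echo "iptables -F"
  echo "iptables -X"
  echo "iptables -P INPUT DROP"
  echo "iptables -P OUTPUT DROP"
  echo "iptables -P FORWARD DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  # Return traffic for connections allowed below; missing in the question.
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -s $ALLOWED_IP -d $SERVERIP -j ACCEPT"
  echo "iptables -A OUTPUT -s $SERVERIP -d $ALLOWED_IP -j ACCEPT"
  # DNS only to the one configured resolver; 'iptables -d <name>' is resolved
  # once, at insertion time, and fails when lookups are blocked.
  echo "iptables -A OUTPUT -p udp -d $DNS_SERVER --dport 53 -j ACCEPT"
  echo "iptables -A OUTPUT -p tcp -d $DNS_SERVER --dport 53 -j ACCEPT"
  for d in $DOMAINS; do
    ips=$("$RESOLVER" "$d")
    if [ -z "$ips" ]; then
      echo "# WARNING: $d did not resolve; no rule added for it" >&2
      continue
    fi
    for ip in $ips; do
      # Only ports 80/443 to the resolved address; the comment records the reason.
      echo "iptables -A OUTPUT -d $ip -p tcp -m multiport --dports 80,443 -m comment --comment \"$d\" -j ACCEPT"
    done
  done
}

# Prints the commands; review them, then pipe into sh to apply.
build_rules
```

The resolved addresses are only a snapshot: CDN-fronted names such as discord.com and api.vk.com change addresses over time, so the script has to be re-run on a schedule, which is why an allowlisting proxy like the squid mentioned below is the more robust option for HTTP.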

If we simplify the task to "block all HTTP except for a few sites", then you can use a specialized tool: squid.

Total Pusher, 2022-01-10 09:41:29

@Total Pusher, in my case it is necessary to block specifically all outgoing connections, so that through some hole (à la the Log4j exploit) it is impossible to download a file or leak data while bypassing SSH/FTP.

NyashMyash99, 2022-01-10 09:44:37

Better to use an enterprise solution. The iptables solution is a cobbled-together one, for the poor. P.S. And it is prone to turning into spaghetti as rules are added.

Total Pusher, 2022-01-10 09:47:34