0

I need to block all outgoing traffic to a domain with all its subdomains.

I tried to do something like this:

sudo ufw deny out from any to *.domain.com

but of course it doesn't work because it needs an IP number.

How can I do this?

terdon
user3021729
  • Note that neither UFW nor `iptables` is *domain-aware* - they are only IP aware. They are not built to do base-domain filtration; you would need something more akin to a customized DNS server with RPZ zones to deny lookups from succeeding for that domain, and then point your system's DNS to that. I am writing instructions to do this myself for my blog, but no idea when I'll have a complete answer for that. – Thomas Ward Jan 31 '23 at 15:30
  • It seems like /etc/hosts would be a good approach if I understood the question the way it was intended. I found https://superuser.com/questions/773635/block-network-access-to-a-domain-ubuntu to have a good answer to this. The answer I found most helpful is this one: https://superuser.com/a/773636/172474 – Karl Henselin Jan 31 '23 at 15:18
  • Both answers you've provided links to do not cover subdomains, which is what OP wants. – Thomas Ward Jan 31 '23 at 15:29
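Two helpers, added here as an example rather than code from the thread, that put the comments above into practice: a generator for a BIND Response Policy Zone that returns NXDOMAIN for the domain and every subdomain (the resolver-side approach Thomas Ward describes), and an awk filter that turns already-resolved name/address pairs into per-IP `ufw deny out` rules, since ufw itself only matches addresses. The zone name, SOA values and the sample addresses (RFC 5737/3849 documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Two defender-side helpers:
#   rpz_zone_for DOMAIN        - print a BIND RPZ zone that answers NXDOMAIN for
#                                DOMAIN and any depth of subdomain ("CNAME ." is
#                                the RPZ NXDOMAIN action; "*.DOMAIN" is the wildcard).
#   ufw_rules_from_resolved    - read "<name> <ip>" lines on stdin (e.g. from your
#                                own resolver logs or `getent ahosts`) and print one
#                                ufw command per unique address, for review before use.
# Assumptions: SOA/NS values and the zone origin are placeholders; adjust to your setup.

rpz_zone_for() {
    domain="$1"
    # Unquoted heredoc so $domain expands; \$TTL stays literal for the zone file.
    cat <<EOF
\$TTL 300
@ IN SOA localhost. root.localhost. (1 3600 600 86400 300)
  IN NS  localhost.
; Block the apex and every subdomain: RPZ "CNAME ." means return NXDOMAIN
$domain   CNAME .
*.$domain CNAME .
EOF
}

ufw_rules_from_resolved() {
    # stdin: "<hostname> <ipv4-or-ipv6>" per line; output: ufw commands, one per
    # unique IP, tagged with the first hostname seen so the rule stays explainable.
    awk '
        NF == 2 && !seen[$2]++ {
            printf "ufw deny out to %s comment %s\n", $2, "\"" $1 "\""
        }'
}

# Demo with constructed data (documentation addresses, not real hosts).
rpz_zone_for domain.com
printf 'www.domain.com 203.0.113.10\napi.domain.com 203.0.113.10\ncdn.domain.com 2001:db8::1\n' \
    | ufw_rules_from_resolved
```

The ufw rules only cover addresses you have actually resolved, so they drift as DNS changes; the RPZ zone is what covers unknown subdomains, and it only helps on hosts that use that resolver.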

1 Answer

2

You can do this more reliably with hosts.deny in just a few seconds:

  1. Open Terminal (if it’s not already open)
  2. Edit hosts.deny as root:
    sudo vi /etc/hosts.deny
    
  3. At the bottom of the file, add:
    ALL : .domain.com
    
  4. Save the file

The preceding dot in .domain.com is important. Do not forget it.

  • 1
    Doesn't this prevent incoming access instead of outgoing access? – Karl Henselin Jan 31 '23 at 15:14
  • 1
    I believe you are correct. – Thomas Ward Jan 31 '23 at 15:29
  • Downvoted. The manpage is really not very clear on this, but it does indeed appear that hosts.deny only operates on incoming connections. And [another answer](https://askubuntu.com/a/23225/1007001) suggests that Ubuntu services ignore the hosts.deny settings anyway, though I don't know whether that's accurate. – Matthew May 01 '23 at 10:10