linux:iptables:block_social
Блокируем социальные сети (VK, FB, OK) через iptables
Источник: https://demon.of.by/blog/linux-admin/how-to-block-social-networks-via-https-using-iptables/
AS_TO_BAN="AS32934 AS47541 AS47542 AS49988"
# Below are the autonomus system (AS) numbers for some social networks
# AS32934 -- facebook.com
# AS47541 AS47542 -- vk.com
# AS49988 -- ok.ru
AS_TO_BAN="AS32934 AS47541 AS47542 AS49988"
#Exceptions for some privilegied users
SOCIAL_ALLOW_IPs="192.168.1.111"
SOCIAL_ALLOW_MACs="00:15:5D:01:C9:01"
echo ""
echo "Block Social sites"
$IPT -N SOCIAL
# Allow social for some user by their IPs
for userip in $SOCIAL_ALLOW_IPs; do
$IPT -A SOCIAL -s $userip -j ACCEPT
done
# Allow social for some user by their MACs
for mac in $SOCIAL_ALLOW_MACs; do
$IPT -A SOCIAL -m mac --mac-source $mac -j ACCEPT
done
# Block for others
$IPT -A SOCIAL -j DROP
## Here, we collect all ip-ranges and block access via HTTPS
for as in $AS_TO_BAN; do
for ip in `whois -h whois.radb.net "!g$as" | grep /`
do
$IPT -A FORWARD -i eth0 -p tcp --dport 443 -d $ip -j SOCIAL
done
done
linux/iptables/block_social.txt · Последнее изменение: 2017/11/01 13:25 — 127.0.0.1
Обсуждение