How to block, deny or redirect an IP address or website domain

iptables is helpful if it is only a few IPs / domain names.

With iptables you can restrict based on user, group, and/or time, although to do so you need to use the OUTPUT table. So to allow root and a group "web", use

# this allows root for things such as apt-get
sudo iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT

# this allows users of the group web
# create a group, web, and add users to it to allow access
sudo iptables -A OUTPUT -m owner --gid-owner web -j ACCEPT

# These two rules allow access to port 80 and 443 over the lunch hour
sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -m time --timestart 12:00 --timestop 13:00 -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -j DROP

But as your needs grow more complex, it is helpful to use proxies. For example, you can use privoxy (and others) for adblock. Squid adds in filtering and more complex rules (ACLs, or access control lists), but is likely overkill for a home user.

You then make the proxy transparent with iptables:

# This allows root
sudo iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT

# This allows privoxy, which serves as adblock
sudo iptables -A OUTPUT -p tcp --dport 80 -m owner --uid-owner privoxy -j ACCEPT

# this blocks direct access to port 80 for all other users
sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP

# This allows squid to access privoxy (I think squid runs as "proxy")
#sudo iptables -A OUTPUT -o lo -p tcp --dport 8118 -m owner --uid-owner proxy -j ACCEPT

# this rule blocks other users from direct access to privoxy
sudo iptables -A OUTPUT -o lo -p tcp --dport 8118 -j DROP

# Redirect all outgoing traffic on port 80 to squid listening on port 3128
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 3128

Now you install and configure privoxy and squid:

Ubuntu server guide squid

Ubuntu wiki privoxy

The problem with this method is you then need to install squidguard, configure squid, etc, which would be a long post and better suited to a larger LAN.


I found a better solution for you, moblock; it comes with a blacklist that is updated daily and a graphical configuration tool.

To install it run:

sudo add-apt-repository ppa:jre-phoenix/ppa
sudo apt-get update
sudo apt-get install moblock blockcontrol mobloquer

Then run Mobloquer.

For additional information see Moblock Home Page (sourceforge)

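The owner-, time- and proxy-based rules from the answer above, collected into one script as an added example (this is not code from the answer or from the privoxy/squid projects). It assumes the outbound interface is eth0, the browsing group is "web", Privoxy runs as user "privoxy" and Squid listens on 3128; all of these are variables you can override. Two things it adds that the loose rules do not show: each rule is only appended if an identical one is not already present (`iptables -C`), so re-running the script never duplicates rules, and blocked attempts are logged (rate limited) before being dropped, so you can see in the kernel log who tried to go out and when. The ordering is deliberate: iptables takes the first match, so the proxy user's ACCEPT has to sit above the port-80 DROP, otherwise the proxy itself cannot fetch pages.

```shell
#!/bin/sh
# Added example (not from the original answer): per-user egress policy plus
# transparent proxy redirect, written as one idempotent, reviewable script.
# Assumed names (override via environment): eth0, group "web", user "privoxy",
# Squid on 3128, lunch hour 12:00-13:00.
set -eu

IFACE="${IFACE:-eth0}"
WEB_GROUP="${WEB_GROUP:-web}"
PROXY_USER="${PROXY_USER:-privoxy}"
PROXY_PORT="${PROXY_PORT:-3128}"
LUNCH_START="${LUNCH_START:-12:00}"
LUNCH_STOP="${LUNCH_STOP:-13:00}"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints the iptables commands instead of applying them

# add_rule TABLE CHAIN MATCH... : append a rule only if an identical rule is
# not already present (iptables -C), so the script can be re-run safely.
# In dry-run mode the command line is printed instead of executed.
add_rule() {
    table=$1; chain=$2; shift 2
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables -t %s -A %s %s\n' "$table" "$chain" "$*"
    elif ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        iptables -t "$table" -A "$chain" "$@"
    fi
}

# The complete policy. First match wins, so the order of the rules matters.
egress_policy() {
    # 1. root may always go out (apt-get and friends)
    add_rule filter OUTPUT -m owner --uid-owner root -j ACCEPT
    # 2. the proxy itself may fetch on port 80; must come before the DROP below
    add_rule filter OUTPUT -o "$IFACE" -p tcp --dport 80 \
        -m owner --uid-owner "$PROXY_USER" -j ACCEPT
    # 3. members of the browsing group may always go out
    add_rule filter OUTPUT -m owner --gid-owner "$WEB_GROUP" -j ACCEPT
    # 4. everybody else gets web ports only during the lunch hour.
    #    --kerneltz makes the window local time; without it xt_time uses UTC.
    add_rule filter OUTPUT -o "$IFACE" -p tcp -m multiport --dports 80,443 \
        -m time --timestart "$LUNCH_START" --timestop "$LUNCH_STOP" --kerneltz -j ACCEPT
    # 5. log the remaining attempts (rate limited so a loop cannot flood the log)
    add_rule filter OUTPUT -o "$IFACE" -p tcp -m multiport --dports 80,443 \
        -m limit --limit 5/minute -j LOG --log-prefix "[egress-drop]"
    # 6. then drop them
    add_rule filter OUTPUT -o "$IFACE" -p tcp -m multiport --dports 80,443 -j DROP
    # 7. transparent proxy: nat OUTPUT is traversed before filter OUTPUT, so
    #    port-80 connections from everyone except the proxy user are rewritten
    #    to 127.0.0.1:PROXY_PORT and never hit the DROP in step 6. Exempting
    #    the proxy user avoids redirecting the proxy's own fetches back to itself.
    add_rule nat OUTPUT -p tcp --dport 80 -m owner ! --uid-owner "$PROXY_USER" \
        -j REDIRECT --to-port "$PROXY_PORT"
}

# rule_count FUNCTION : number of rules a policy function would install,
# computed in dry-run mode inside a subshell (nothing is applied).
rule_count() {
    ( DRY_RUN=1; "$@" ) | wc -l | tr -d ' '
}

case "${1:-}" in
    show)  DRY_RUN=1; egress_policy ;;   # review the rules first
    apply) egress_policy ;;              # needs root
esac
```

Review the generated rules with `sh egress.sh show` before running `sudo sh egress.sh apply`; dropped attempts then show up in the kernel log with the `[egress-drop]` prefix, together with the output interface and destination. Note that once the redirect in step 7 is active, per-user policy for port 80 moves to the proxy: every non-proxy user's port-80 traffic is handed to Squid, so the lunch-hour rule in step 4 only still bites for port 443, which is exactly where Squid's ACLs, mentioned in the answer, come in. The answer uses DROP, so a blocked browser hangs until it times out; REJECT would give users an immediate error instead, which is usually kinder on a LAN.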