[Dnsmasq-discuss] Integration with iptables?

Hartmut Krafft hartmut at mail.ru
Fri Jun 12 08:30:17 BST 2015


Hi Joachim, there's already a way to connect iptables and dnsmasq: look at 
the ipset feature. It is limited in what it can filter, but otherwise might 
help you there.
Best, Hartmut


Hi.

A use case for my router would be:

Block all outgoing traffic except for that going to the domain
whatsapp.net. Note: No way to do this by port, WhatsApp is using
http(s).

Since there is no way to list the hosts in a domain this would require a
way for dnsmasq to talk to iptables. Any suggestions on how to do that?

tail -f dnsmasq-query.log | add_iptables_rules.sh

could do that, but maybe this is worth implementing a way to talk to
iptables. Can iptables tag ip addresses?

There are lots of similar use cases, e.g.:

Block everything from my TV except for
1. the request to test network connectivity and
2. all traffic going to Netflix.

In general, control over the outgoing traffic needs cooperation from
DNS.

Sincerely,
Joachim
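
Added example (not part of either message, and not dnsmasq project code): the ipset feature Hartmut mentions, applied to the whatsapp.net use case. The set name "allow_out" and LAN interface "br-lan" are assumptions; the script only prints the dnsmasq config line and the ipset/iptables commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example. Constructed names: set "allow_out", LAN interface "br-lan".
# Prints the dnsmasq line and firewall commands; review, then apply as root.

# valid_name STRING: accept only characters safe in hostnames and set names,
# so nothing passed in can smuggle extra options or shell syntax into the output.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# dnsmasq_ipset_line SET DOMAIN...: build "ipset=/d1/d2/SET".
# dnsmasq adds every address it resolves for these domains (and their
# subdomains) to SET; the set must already exist when dnsmasq starts.
dnsmasq_ipset_line() {
    valid_name "${1-}" || { echo "bad set name" >&2; return 1; }
    set_name=$1; shift
    [ "$#" -gt 0 ] || { echo "no domains given" >&2; return 1; }
    line="ipset="
    for d in "$@"; do
        valid_name "$d" || { echo "bad domain: $d" >&2; return 1; }
        line="$line/$d"
    done
    printf '%s/%s\n' "$line" "$set_name"
}

# firewall_commands SET IFACE: reject forwarding from IFACE except to
# addresses in SET. IPv4 only (hash:ip defaults to family inet).
firewall_commands() {
    valid_name "${1-}" && valid_name "${2-}" || { echo "bad argument" >&2; return 1; }
    cat <<EOF
ipset -exist create $1 hash:ip
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $2 -m set --match-set $1 dst -j ACCEPT
iptables -A FORWARD -i $2 -j REJECT
EOF
}

# Joachim's first use case: only whatsapp.net may be reached from the LAN.
dnsmasq_ipset_line allow_out whatsapp.net
firewall_commands allow_out br-lan
```

The set is filled only for names that clients resolve through this dnsmasq instance, and it allows by IP address, so any other site served from the same address is reachable too.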


