[Dnsmasq-discuss] Integration with iptables?
Hartmut Krafft
hartmut at mail.ru
Fri Jun 12 08:30:17 BST 2015
Hi Joachim, there's already a way to connect iptables and dnsmasq: look at
the ipset feature, it is limited in what it can filter, but otherwise might
help you there.
Best, Hartmut
Hi.
A use case for my router would be:
Block every outgoing traffic except for that going to the domain
whatsapp.net. Note: No way to do this by port, whatsapp is using
http(s).
Since there is no way to list the hosts in a domain this would require a
way for dnsmasq to talk to iptables. Any suggestions on how to do that?
tail -f dnsmasq-query.log | add_iptables_rules.sh
could do that, but maybe this is worth implementing a way to talk to
iptables. Can iptables tag ip addresses?
There are lots of similar use cases, e.g.:
Block everything from my tv except for
1. the request to test network connectivity and
2. all traffic going to netflix.
In general, control over the outgoing traffic needs cooperation from
dns.
Sincerely,
Joachim
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list