How can I block outgoing traffic to a domain with all subdomains with UFW or IPTABLES?

Question

I need to block all outgoing traffic to a domain with all its subdomains.

I tried to do something like this:

sudo ufw deny out from any to *.domain.com

but of course it doesn't work because it needs an IP number.

How can I do this?

Note that neither UFW or iptables are domain-aware - they are only IP aware. They are not built to do base-domain filtration, you would need something more akin to a customized DNS server with RPZ zones to deny lookups from succeeding for that domain, and then point your system's DNS to that. I am writing instructions to do this myself for my blog, but no idea when I'll have a complete answer for that. — Thomas Ward, Jan 31 '23 at 15:30
It seems like /etc/hosts would be a good approach if I understood the question the way it was intended. I found https://superuser.com/questions/773635/block-network-access-to-a-domain-ubuntu to have a good answer to this. The answer I found most helpful is this one: https://superuser.com/a/773636/172474 — Karl Henselin, Jan 31 '23 at 15:18
Both answers you've provided links to do not cover subdomains. Which is what OP wants. — Thomas Ward, Jan 31 '23 at 15:29

score 2 · Answer 1 · answered Feb 27 '21 at 16:18

2

You can do this more reliably with hosts.deny in just a few seconds:

The preceding dot in .domain.com is important. Do not forget it

answered Feb 27 '21 at 16:18

1

Doesn't this prevent incoming access instead of outgoing access? – Karl Henselin Jan 31 '23 at 15:14
1

I believe you are correct. – Thomas Ward Jan 31 '23 at 15:29
Downvoted. The manpage is really not very clear on this, but it does indeed appear that hosts.deny only operates on incoming connections. And another answer suggests that Ubuntu services ignore the hosts.deny settings anyway, though I don't know whether that's accurate. – Matthew May 01 '23 at 10:10

1 Answers1