Normally I would say that blocking an outbound IP is pointless since there are billions of different IP’s that your users can go to. However, today Versign pointed *.com, *.net at themselves for a search page that they intend to derive revenue from. Since they are not the legal owners of *.com and *.net (rather they are stewards over it) they have no business doing this.
Note:Since this article was originally posted Verisign has returned the *.com and *.net space back to their correct behavior. Nevertheless, iptables are good to know so I’ll leave this article on the site
To make matters there is a Web bug pasted on the page which is no doubt recording what domains are valuable, probably so that Verisign can turn around and sell those domains at a higher rate.
Then there is the spam. I got 200 peices of spam in one day today. Thats double the normal rate. My ISP must have been filtering them out before, but now all my spam has these bogus domains in the email envolope.
Finally, my registrar godaddy.com does not appear to have been ready for this which is probably costing them a great deal of money. This rubs me the wrong way just enouigh that I’m going to block the only outbound IP I’ve ever blocked.
I’ve always deplored cybersquatters and this cybersquatting to the extreme. So, I can’t do much about Versign’s actions, but I can keep anybody on my little network from being sucked into this garbage. The ip we are seeking to block is 22.214.171.124. Just for fun we’ll pretend that it is a 32 bit network address and a 0 bit host.
So, how do we block an outbound IP. Depending on your linux version you are probably running IP Chains or IP tables.
For IP Chains the statement is
/sbin/ipchains -I output -d 126.96.36.199/32 -j REJECT
for iptables it should be something like
/sbin/iptables -I OUTPUT -d 188.8.131.52/32 -j REJECT
Test out a few of your common destinations, test a bogus destination, and if that works then add the appropriate line to your system start up.