Linux block outgoing traffic to a specific ip without iptables
You might want to add a null route for that specific IP address. Although this makes ALL communication to the address impossible, it accomplishes what you need.
You can find examples of this online. Here is one of them: http://www.cyberciti.biz/tips/how-do-i-drop-or-block-attackers-ip-with-null-routes.html
Something like this:
route add -host IP-ADDRESS reject
Author: WispyCloud
Updated on September 18, 2022
Comments
-
WispyCloud over 1 year
I basically need to run the following
iptables -A OUTPUT -d 169.254.169.254 -j DROP
except I cannot use iptables because the program is running in a docker container and I cannot use the --privileged argument (shared platform). Is there an alternative to iptables that I could use to achieve the same result?
-
Scott Nelson almost 8 years
Alternatively, you can use the ip command to do the same thing, but check the man page for ip as you have a lot of options on how you want to block that address. Example where you want to silently discard the packets: ip route add blackhole 169.254.169.254
-
WispyCloud almost 8 years
Thanks, I'm getting similar errors using route and ip: "route: ioctl 0x890b failed: Operation not permitted" and "ip: RTNETLINK answers: Operation not permitted", which seems to have the same cause: stackoverflow.com/questions/27708376/…
-
WispyCloud almost 8 years
Sure, I know that, and I'm not trying to change anything on the host. I just want to block the traffic within the container, so I am looking at a different way to achieve this result at a higher layer.
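
The "Operation not permitted" errors quoted in the comments are what the kernel returns when a process without CAP_NET_ADMIN tries to change the routing table. As an added example (not part of the original answer or comments), this script reads the effective capability mask and only attempts the blackhole route from the comments when that capability is present; the function names and the --apply switch are hypothetical.

```shell
#!/bin/sh
# Added example: pre-check for the EPERM seen with "route" and "ip" in an
# unprivileged container. Routing-table changes need CAP_NET_ADMIN, which is
# capability number 12 in linux/capability.h.

CAP_NET_ADMIN_BIT=12
TARGET=169.254.169.254   # address from the question

# has_cap_net_admin HEXMASK
# Returns 0 if bit 12 is set in the mask, 1 if it is clear,
# 2 if the argument is not a hexadecimal string.
has_cap_net_admin() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# current_capeff
# Prints the effective capability mask (CapEff) as the kernel reports it.
# awk reads its own /proc entry; it inherits the mask from this shell.
current_capeff() {
    awk '/^CapEff:/ {print $2}' /proc/self/status
}

# block_target
# Adds the blackhole route when permitted; otherwise reports why the
# attempt would fail instead of surfacing a bare RTNETLINK error.
block_target() {
    capeff=$(current_capeff)
    if has_cap_net_admin "$capeff"; then
        ip route add blackhole "$TARGET"
    else
        echo "CapEff=$capeff lacks CAP_NET_ADMIN: cannot add route to $TARGET" >&2
        return 1
    fi
}

# Only touch the routing table when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    block_target
fi
```

When the check fails, the block has to be applied from outside the container's restricted context (for example by the platform operator) or at a higher layer, as the last comment says.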