Jorge Gabriel Siqueira

Reputation: 309

Block Access to www.facebook.com in Android OS

I'm developing a framework for Android OS. I need to block a hostname, i.e. if I block a hostname, no connection is allowed to this hostname. The user will not be allowed to access this hostname by browser, terminal (shell) or any application. I was planning to use iptables for this task, but there are some hostnames with dynamic IP addresses, like www.facebook.com, and I'm afraid that dynamic IP changes can affect iptables' ability to block hostnames.

Can someone give me a way to block a hostname even if this hostname has a dynamic IP?

Upvotes: 0

Views: 1321

Answers (2)

Jorge Gabriel Siqueira

Reputation: 309

I found a way. I'm able to block a hostname with iptables string matching. To do this, I used the following commands:

# iptables -A INPUT -i eth0 -m string --algo bm --string "facebook.com" -j DROP
# iptables -A OUTPUT -m string --algo bm --string "facebook.com" -j DROP
# iptables -A FORWARD -i eth0 -m string --algo bm --string "facebook.com" -j DROP

It is working fine for now.

Upvotes: 1
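An added example (not part of the answer above) that checks which payloads the literal pattern from those rules actually appears in: DNS queries carry names as length-prefixed labels, so `facebook.com` with a dot is present in a plaintext HTTP Host header but not in the lookup itself. The packet builders and function names are constructed for illustration; `--hex-string` is the string match's option for byte patterns.

```python
import struct

def dns_qname(hostname: str) -> bytes:
    """Encode a hostname as DNS wire-format labels (RFC 1035, section 3.1)."""
    out = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"  # root label terminates the name

def dns_query(hostname: str, txid: int = 0x1234) -> bytes:
    """Constructed sample: UDP payload of a minimal A-record query."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + dns_qname(hostname) + struct.pack("!HH", 1, 1)  # A, IN

def http_request(hostname: str) -> bytes:
    """Constructed sample: plaintext HTTP request with a Host header."""
    return f"GET / HTTP/1.1\r\nHost: {hostname}\r\n\r\n".encode("ascii")

def payload_matches(payload: bytes, pattern: bytes) -> bool:
    """Model of the string match: the pattern occurs anywhere in the payload."""
    return pattern in payload

def hex_string_pattern(domain: str) -> str:
    """Render a domain's wire-format labels in iptables --hex-string syntax."""
    labels = domain.rstrip(".").split(".")
    return "".join(f"|{len(label):02x}|{label}" for label in labels)

def coverage(domain: str, hostname: str) -> dict:
    """Report which sample payloads each pattern form would match."""
    literal = domain.encode("ascii")   # what --string "facebook.com" looks for
    wire = dns_qname(domain)[:-1]      # label form, no terminator: subdomains match
    dns, http = dns_query(hostname), http_request(hostname)
    return {
        "literal_in_http": payload_matches(http, literal),
        "literal_in_dns": payload_matches(dns, literal),
        "wire_in_dns": payload_matches(dns, wire),
        "wire_in_http": payload_matches(http, wire),
    }

if __name__ == "__main__":
    print(coverage("facebook.com", "www.facebook.com"))
    print(hex_string_pattern("facebook.com"))
```

The printed pattern can be given to `-m string --algo bm --hex-string` on a rule for UDP port 53 so that lookups of the name are covered as well as plaintext requests.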

Martin Carpella

Reputation: 12603

You can redirect it to an invalid destination via the hosts file, which as far as I know is located at /system/etc/hosts. This file should be consulted prior to DNS when trying to resolve a hostname.

127.0.0.1 www.blocked.domain www.blocked2.domain

You will need to have root access and remount /system/ read-write to be able to change the file.

BEWARE: There are ways around this. Any app that wants to "break out" can simply start doing their own DNS queries to circumvent the hosts file. But it is the only practical way to limit based on host name and not IP address.

Upvotes: 2
