0

Is it possible to forbid outgoing public IP addresses and access private IPs only?

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

I know there is a way to drop IPs via iptables:

iptables -I OUTPUT -s 11.0.0.0 -j DROP
... etc

Is there a convenient way to block all of them?

2
  • Just so I understand, you want your machine to ONLY be able to access the private IP ranges and not be able to access ANY public IPs? Commented Jun 26, 2019 at 23:17
  • @ColinWu Right! Commented Jun 27, 2019 at 16:15

1 Answer

1
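# Allow the RFC 1918 private ranges and loopback, then drop everything else.
iptables -A OUTPUT -d 10.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -d 172.16.0.0/12 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPT
iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
# Final rule: any destination not matched above is public and is dropped.
iptables -A OUTPUT -j DROP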

See https://en.wikipedia.org/wiki/Reserved_IP_addresses for an accurate list of reserved address space.

2
  • Thanks! It works, but you added one more . in your first command. Commented Jun 27, 2019 at 16:24
  • Furthermore, the private IP list is wrong. I use the following: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8 Commented Jun 27, 2019 at 16:33
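
The last comment's point, that a /8 around 172 or 192 is wider than the private ranges listed in the question, can be checked before any ACCEPT rule is loaded. The following is an added example, not code from the question or the answer; the function names `public_leak` and `leaked_addresses` are made up for this illustration, and it uses only Python's standard `ipaddress` module.

```python
import ipaddress

# Private ranges from the question (RFC 1918) plus loopback, as in the last comment.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def public_leak(allowlist):
    """Return the parts of each allowed CIDR that fall outside PRIVATE."""
    leaks = []
    for cidr in allowlist:
        remaining = [ipaddress.ip_network(cidr)]
        for priv in PRIVATE:
            kept = []
            for net in remaining:
                if net.subnet_of(priv):
                    continue  # entirely private: nothing leaks from this piece
                if priv.subnet_of(net):
                    # The private range sits inside the rule: carve it out.
                    kept.extend(net.address_exclude(priv))
                else:
                    kept.append(net)  # disjoint from this private range
            remaining = kept
        leaks.extend(ipaddress.collapse_addresses(remaining))
    return leaks


def leaked_addresses(allowlist):
    """Count the public addresses an ACCEPT rule set would let through."""
    return sum(net.num_addresses for net in public_leak(allowlist))


if __name__ == "__main__":
    # Constructed inputs: an over-broad /8 list and the list from the last comment.
    too_wide = ["10.0.0.0/8", "172.0.0.0/8", "192.0.0.0/8", "127.0.0.0/8"]
    exact = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]
    for name, rules in (("too_wide", too_wide), ("exact", exact)):
        print(name, leaked_addresses(rules), "public addresses allowed")
        for net in public_leak(rules):
            print("   ", net)
```

An empty result means every ACCEPT destination is inside the private ranges, so the final DROP rule covers all public addresses.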
