Hi,

You can do this only with IPS (like Snort or Suricata) in inline mode!

On Mon, 15 Apr 2019 at 17:30, Gianluca Gargiulo <gianluca.gargiulo@xxxxxxxxx> wrote:
>
> Hi,
>
> I ask if it's possible using iptables or conntrack to make the following
> configuration:
>
> I have a Linux Debian 9 server with 2 public static IPs
>
> x.y.z.t1
>
> x.y.z.t2
>
> and Apache listening on 0.0.0.0/0.
>
> Then I have these virtual hosts on Apache:
>
> website1.domain.tld (DNS -> x.y.z.t1)
>
> and
>
> website2.domain.tld (DNS -> x.y.z.t2)
>
> The virtual hosts work on the 0.0.0.0 IP and use the Host field in the
> HTTP packet to know which website is chosen by the client.
>
> Is there any configuration to
>
> 1A) allow http traffic if destination is x.y.z.t1 and
> website1.domain.tld combination
> 1B) deny http traffic if destination is x.y.z.t2 and
> website1.domain.tld combination
> 1C) deny http traffic if destination is x.y.z.t1 and
> website2.domain.tld combination
> 1C) allow http traffic if destination is x.y.z.t2 and
> website2.domain.tld combination
>
> ??
>
> Thank you a lot.
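
The per-request decision asked for in 1A to 1C, which the reply assigns to an inline IPS, sketched as an added example that is not part of the original thread. It assumes plain HTTP/1.x; `POLICY`, `extract_host` and `verdict` are hypothetical names, and 203.0.113.1 / 203.0.113.2 are documentation addresses standing in for x.y.z.t1 / x.y.z.t2.

```python
# Added example: allow a request only when the destination IP and the
# Host header form one of the permitted pairs. Addresses are placeholders
# (203.0.113.1 = x.y.z.t1, 203.0.113.2 = x.y.z.t2).
POLICY = {
    "203.0.113.1": {"website1.domain.tld"},
    "203.0.113.2": {"website2.domain.tld"},
}


def extract_host(request: bytes):
    """Return the normalised Host value of an HTTP/1.x request head, or None."""
    head = request.split(b"\r\n\r\n", 1)[0]
    hosts = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        # Missing or duplicated Host header: ambiguous, so no usable value.
        return None
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    # Drop an optional ":port" suffix and a trailing dot. IPv6 literals are
    # reduced to "[" here, which never matches a policy entry.
    host = host.partition(":")[0].rstrip(".")
    return host or None


def verdict(dst_ip: str, request: bytes) -> str:
    """ACCEPT only for a permitted (destination IP, Host) pair; else DROP."""
    host = extract_host(request)
    return "ACCEPT" if host in POLICY.get(dst_ip, set()) else "DROP"


def build_request(*header_lines: str) -> bytes:
    """Construct a sample GET request (constructed test input, not captured)."""
    lines = ["GET / HTTP/1.1", *header_lines, "User-Agent: example"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


if __name__ == "__main__":
    for ip in POLICY:
        for site in ("website1.domain.tld", "website2.domain.tld"):
            print(ip, site, verdict(ip, build_request("Host: " + site)))
```

The Host value only exists in the payload after the TCP connection is established, so the check has to run on reassembled request data rather than on the first packet of the connection.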