Restricting the network to ping only to the Google Search Engine

In the real world, we may come across use cases where we want to prevent users from accessing any websites other than the ones we allow. One good way to achieve this is to use a firewall, but if we want to understand the internals of how the network works, we can experiment and achieve the same result using pure networking concepts. So, in this article, I will show you how to allow users to access only the websites that we have allowed, using pure networking concepts.

By the end of this article, we will be able to ping the Google Search Engine but we won't be able to ping other sites like

Let's begin…

The only prerequisite is an internet-connected computer running a Linux operating system.

First of all, we will check that our internet connection is working fine and that we are able to ping other sites.

The routing table decides which networks we can connect to.

You can see that the default rule in this routing table shows that we can connect to any IP in the world; that is, we can connect to any website in the world.

UG 100 0 0 enp0s3

So, if we want to restrict the user, we first have to remove this routing rule so that the routing table no longer allows traffic to any IP. The other two rules don't allow connecting to the public internet, because reaching the internet requires a gateway. And the in the gateway field of the other two rules means the gateway is absent.

Now, as we have deleted all of the routing rules, if we try to ping any website we will get the message that the network is unreachable.

Now, we have to allow the users to connect to the Google Search Engine that is But for allowing connection to, we first need to know the IP address where the Google Search Engine is running.

To find the IP address of the Google Search Engine, we will use the nslookup command.

$ nslookup

As we can see in the above image, the IP of the Google Search Engine is

For creating the rule that will allow connecting to the, we will be required to know the network name within which comes.
Let’s assume that the network name is

Now, we have to give the netmask that will include the IP in the network. So, the netmask will be

Now, we will add the routing rule that can allow connection to the IP

$ route add -net netmask gw enp0s3
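The network and netmask step described above, as an added example that is not the author's code: it derives the network address and netmask covering one allowed IP, checks which destinations that route covers, and prints the route commands without running them. The addresses are constructed (RFC 5737 documentation ranges), the function names are hypothetical, and `route del default` is an assumed form of the default-rule removal, whose exact command the article does not show.

```shell
#!/bin/sh
# Added example: dry run only, nothing here changes the routing table.
# All IP addresses are constructed sample values, not the article's.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to dotted-quad form.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask for a prefix length, e.g. 24 -> 255.255.255.0
prefix_to_mask() {
    int_to_ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Network address that contains IP $1 at prefix length $2.
network_of() {
    ip=$(ip_to_int "$1")
    mask=$(ip_to_int "$(prefix_to_mask "$2")")
    int_to_ip $(( ip & mask ))
}

# Does the route (network $2, prefix $3) cover destination $1? Prints yes/no.
route_covers() {
    if [ "$(network_of "$1" "$3")" = "$2" ]; then echo yes; else echo no; fi
}

# Print the commands for the procedure: drop the default rule, then add
# one rule for the allowed network. Args: allowed_ip prefix gateway iface
plan_routes() {
    net=$(network_of "$1" "$2")
    echo "route del default"
    echo "route add -net $net netmask $(prefix_to_mask "$2") gw $3 $4"
}

# Constructed input: allowed IP 203.0.113.77, /24, gateway 192.0.2.1
plan_routes 203.0.113.77 24 192.0.2.1 enp0s3
```

A route covers one network only, so if the site later resolves to an address outside that network it becomes unreachable; re-run nslookup and `route_covers` before relying on the chosen prefix.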

Now, let's check if we can connect only to and all other sites are disabled.

You can see on the above image that I’m able to connect to

Let’s check the Facebook site from the browser.

No Internet!
We can’t connect to Facebook. If you try any other site, you won’t be able to connect to it either.

Finally, we have successfully achieved a network setup that can connect only to the Google Search Engine, with all other sites not allowed to connect, using pure networking concepts.

That's it for this article!

For any help or suggestions connect with me on Twitter at @TheNameIsAnkush or find me on LinkedIn.
