You don't - not easily, at least.

iptables allows you to configure rules by IP.

Blocking e.g. *.youtube.com/* [to say nothing of aliases thereof] is
hostname-based, not IP-based. And I would imagine, at a glance, that
Youtube has a lot of IPs.

Your easiest answer would be to do HTTP proxying and filter it that way.

- Rich

On Thu, Oct 4, 2012 at 3:27 AM, vivek chalotra <[log in to unmask]> wrote:
> Dear all,
>
> i have used the following ip table rules to implement gateway in my linux
> server:
>
>  iptables --flush
>  iptables --table nat --flush
>  iptables --delete-chain
>  iptables --table nat --delete-chain
>  iptables --table nat --append POSTROUTING --out-interface eth0 -j
> MASQUERADE
>  iptables --append FORWARD --in-interface eth1 -j ACCEPT
>  echo 1 > /proc/sys/net/ipv4/ip_forward
>  iptables-save
>
> And now i want to block youtube on my network. kindly suggest iptable rules
> to do that. My server has two ethernet card, eth0 is external network and
> eth1 is for local LAN.
>
> Any help is appreciated
>
> Regard
>
> Vivek Chalotra
> GRID Project Associate,
> High Energy Physics Group,
> Department of Physics & Electronics,
> University of Jammu,
> Jammu 180006,
> INDIA.