Blocking web sites....
Deven Phillips
dphillips at viata.com
Thu Apr 19 07:52:42 PDT 2001
Ben,
There are several methods to attack this problem. Personally, I would
have gone with Squid (proxy server), but the ipchains/iptables/firewall
method can work too. Here's what you do.
A. When using port/IP filtering (ipchains/iptables) the site cannot be
Akamaized/footprinted
B. The rule should state something like this:
    # iptables (2.4.x kernels): built-in chain names are upper case
    iptables -A FORWARD -p tcp -s <mynet>/<mynetmask> -d <badsite.com> \
        --destination-port 80 -j DROP
    # ipchains (2.2.x kernels): the target that discards packets is DENY
    ipchains -A forward -p tcp -s <mynet>/<mynetmask> -d <badsite.com> 80 \
        -j DENY
If you do decide to use squid, there are excellent filters available
from freshmeat.net. Also, if you use the 2.4.x kernels on your
firewall/NAT/router you can set up squid to be a transparent proxy that
no one on your network can get around.
Deven Phillips, CISSP
Network Architect
Viata Online, Inc.
Ben Beeson wrote:
>
> Aloha all,
>
> I would like to be able to block a certain website at certain times of
> the day to limit access. I am thinking that I can use a script and add it to a
> crontab file for root and run the script as appropriate to block the site when
> I want it closed, and open it up later when desired. As part of my efforts, I
> have tinkered with adding the web site IP addresses to my firewall, and also
> to my /etc/hosts.deny file. For some reason, the website still loads when I
> do this so I don't know what's up. Any ideas????
>
> Thanks in advance,
>
> Ben
>
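A sketch of the cron-driven block/unblock script asked about in this thread, added here as an example and not written by either poster. It keeps the timed rules in their own chain so they can be removed cleanly, and re-resolves the name on every "block" run, which narrows but does not remove the limitation in point A for sites whose addresses change. The chain name, LAN range, hostname and install path are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. CHAIN, LAN, SITE and the install
# path in the crontab lines are assumed placeholders.
#   0 9  * * 1-5  /usr/local/sbin/siteblock block
#   0 17 * * 1-5  /usr/local/sbin/siteblock unblock
CHAIN=TIMEBLOCK
LAN=192.168.1.0/24        # stands in for <mynet>/<mynetmask>
SITE=badsite.example      # stands in for <badsite.com>

# Every IPv4 address the name resolves to right now, one per line.
resolve_site() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Read addresses on stdin, print one DROP rule per address.
build_rules() {
    while read -r ip; do
        [ -n "$ip" ] || continue
        echo "iptables -A $CHAIN -p tcp -s $LAN -d $ip --dport 80 -j DROP"
    done
}

# Commands for "block": create or flush the chain, fill it, hook it once.
plan_block() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    build_rules
    echo "iptables -C FORWARD -j $CHAIN 2>/dev/null || iptables -I FORWARD -j $CHAIN"
}

# Commands for "unblock": unhook the chain, then flush and delete it.
plan_unblock() {
    echo "iptables -D FORWARD -j $CHAIN"
    echo "iptables -F $CHAIN"
    echo "iptables -X $CHAIN"
}

case "${1:-}" in
    block)
        ips=$(resolve_site "$SITE")
        # Fail loudly instead of installing an empty chain that blocks nothing.
        [ -n "$ips" ] || { echo "cannot resolve $SITE" >&2; exit 1; }
        printf '%s\n' "$ips" | plan_block | sh ;;
    unblock) plan_unblock | sh ;;
    plan)    printf '%s\n' 203.0.113.10 203.0.113.11 | plan_block ;;  # constructed sample, prints only
esac
```

Running the script with "plan" prints the generated commands for two constructed addresses without touching the firewall.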