| 1 |
On Sat, 1 Aug 2015 11:48:15 +0200, Alan McKinnon wrote: |
| 2 |
|
| 3 |
> There's a few ways around it: |
| 4 |
> |
| 5 |
> 1. Rethink your firewalling policy. Maybe you really don't need to block |
| 6 |
> stuff and just think you do. |
| 7 |
> |
| 8 |
> 2. Do a DNS lookup and check the TTL. If it's high, say 86400 then it |
| 9 |
> cannot change more than once a day. So you only need to do a lookup once |
| 10 |
> a day. Write or get a script that looks up your banned domains every so |
| 11 |
> often, gets the new IP if it changed and reload a new netfilter rule |
| 12 |
> set. |
| 13 |
> |
| 14 |
> #2 is the correct approach for large firewalls with many users but does |
| 15 |
> involves a quite sophisticated codebase, probably way more than you need |
| 16 |
> for your 1 pc. Which brings us back to #1 |
| 17 |
|
| 18 |
3. If you just want to block a few domains for all users of a computer, |
| 19 |
add them to /etc/hosts, pointing to 127.0.0.1 or somewhere similarly |
| 20 |
useless. |
| 21 |
|
| 22 |
If you only want to block web access, maybe something like squid or |
| 23 |
dansguardian is more suited to your needs. |
| 24 |
|
| 25 |
|
| 26 |
-- |
| 27 |
Neil Bothwick |
| 28 |
|
| 29 |
Linux like wigwam. No windows, no gates, Apache inside. |
Archives