On Sat, 1 Aug 2015 11:48:15 +0200, Alan McKinnon wrote:

> There's a few ways around it:
>
> 1. Rethink your firewalling policy. Maybe you really don't need to block
> stuff and just think you do.
>
> 2. Do a DNS lookup and check the TTL. If it's high, say 86400 then it
> cannot change more than once a day. So you only need to do a lookup once
> a day. Write or get a script that looks up your banned domains every so
> often, gets the new IP if it changed and reload a new netfilter rule
> set.
>
> #2 is the correct approach for large firewalls with many users but does
> involve a quite sophisticated codebase, probably way more than you need
> for your 1 pc. Which brings us back to #1

3. If you just want to block a few domains for all users of a computer,
add them to /etc/hosts, pointing to 127.0.0.1 or somewhere similarly
useless.

If you only want to block web access, maybe something like squid or
dansguardian is more suited to your needs.


-- 
Neil Bothwick

Linux like wigwam. No windows, no gates, Apache inside.
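The script Alan's option #2 describes (resolve the banned names, pick a refresh interval from the TTL, rebuild the netfilter block list) sketched as a POSIX sh example. This is an added illustration, not code from either poster. It assumes the records come in the five-field format `dig +noall +answer` prints and that an `ipset` set is referenced from a single iptables rule, so only the set contents ever need reloading; the record lines and set name `banned_domains` are constructed for the example, and nothing is applied to the running firewall.

```sh
#!/bin/sh
# Added example (not from the mailing-list thread). Mirrors option #2: the
# functions take resolver output as text so they run offline; in real use you
# would generate it with something like:  dig +noall +answer A "$domain"

# Constructed sample records in `dig +noall +answer` format:
# name, TTL, class, type, rdata. Addresses are from documentation ranges.
SAMPLE_ANSWERS='example.test.   86400  IN  A      192.0.2.10
example.test.   86400  IN  A      192.0.2.11
tracker.test.   300    IN  A      198.51.100.7
cdn.test.       3600   IN  CNAME  edge.test.
edge.test.      3600   IN  A      203.0.113.5'

# Smallest TTL among the A records: the longest you can safely wait before
# re-resolving (Alan's point that a TTL of 86400 cannot change more than once
# a day; a 300 s record in the same list drags the interval down to 5 minutes).
min_ttl() {
    printf '%s\n' "$1" | awk '$4 == "A" { if (min == "" || $2+0 < min+0) min = $2 }
                              END { print min }'
}

# Number of addresses that would end up in the set (A records only; a CNAME
# carries no address, the chased A record that follows it is what counts).
blocked_count() {
    printf '%s\n' "$1" | awk '$4 == "A"' | wc -l | tr -d ' '
}

# Emit the ipset commands that rebuild the block list: fill a temporary set,
# then `ipset swap` it into place so the live set is never half-populated,
# and destroy the old contents afterwards.
ipset_commands() {
    records="$1"
    live_set="$2"
    tmp_set="${live_set}_new"
    printf 'ipset create %s hash:ip -exist\n' "$live_set"
    printf 'ipset create %s hash:ip -exist\n' "$tmp_set"
    printf 'ipset flush %s\n' "$tmp_set"
    printf '%s\n' "$records" | awk -v s="$tmp_set" \
        '$4 == "A" { printf "ipset add %s %s -exist  # %s\n", s, $5, $1 }'
    printf 'ipset swap %s %s\n' "$tmp_set" "$live_set"
    printf 'ipset destroy %s\n' "$tmp_set"
}

# The one netfilter rule that references the set. It is installed once and
# never reloaded; refreshing the set is all the periodic job has to do.
iptables_rule() {
    printf 'iptables -I OUTPUT -m set --match-set %s dst -j REJECT\n' "$1"
}

# Demo run: print the generated commands and the refresh interval. Review the
# output before piping it to sh as root; this script itself changes nothing.
iptables_rule banned_domains
ipset_commands "$SAMPLE_ANSWERS" banned_domains
echo "# re-run this no later than every $(min_ttl "$SAMPLE_ANSWERS") seconds"
```

Run the job from cron at an interval no longer than `min_ttl` reports; because the rule matches on the set rather than on literal addresses, a changed IP only ever means a new `ipset swap`, not a rule reload.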