It's terribly inefficient, but yes, you can. You can just add rules to
your forward chain denying to specific destinations. However, you are
going to spend a lot of time checking IP addy's and maintaining your
list of blocked sites.

In general, blocking access to web sites is a technical and political
nightmare. We did it for about a year, using a commercial product
which actually uses a combination of content rating and a list of
URLs separated by categories. It worked pretty well, but it turned
the IS department into everybody's mommy.

You are MUCH MUCH MUCH better off logging all web traffic, and posting
a list of who went there, and relying on tried-and-true SHAME to keep
people from wasting time. We now use the same product to generate
reports, which are sent to the managers of each department. That way,
the annoying task of telling people who MAY be higher up than you in
the totem pole that they can't surf porn sites on company time will
fall on someone else.

YMMV.

BTW, the commercial product I use was called Sessionwall, and is now
Computer Associates Etrust Intrusion Detection (it does that too). I
don't necessarily endorse it, but it did a lot of things nothing else
did at the time.

Henry Sieff

> -----Original Message-----
> From: Jeremy [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 19, 2000 1:18 PM
> To: Firewalls
> Subject: blcking sites
> 
> 
> Hi all,
> 
>       I have heard that you can block websites with ipchains somehow.
> Is this true? If so, does anyone know a way to do this?
> 
> Thanks in advance
> 
> J
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
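
The forward-chain approach mentioned in the reply above, as an added example that is not part of the original thread: a small script that turns a maintained blocklist into ipchains DENY rules for review. The addresses are constructed documentation ranges, the function names are hypothetical, and it assumes only HTTP on TCP port 80 is being blocked.

```shell
#!/bin/sh
# Added example: build ipchains forward-chain DENY rules from a blocklist.
# BLOCKLIST is constructed sample data (RFC 5737 documentation addresses).
BLOCKLIST='
# one destination per line: address, then a free-form note
192.0.2.10      site A
192.0.2.11      site A, second address
198.51.100.0/24 hosting range
192.0.2.10      duplicate entry
not-an-ip       malformed line
'

# valid_dest ADDR: succeed if ADDR is a dotted quad with an optional /0-32 mask.
valid_dest() {
    addr=${1%%/*}
    mask=32
    case $1 in */*) mask=${1#*/} ;; esac
    case $mask in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr              # split the address into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules: print one DENY rule per unique valid destination (TCP port 80).
# Rules are printed, not executed, so the list can be reviewed before loading.
gen_rules() {
    printf '%s\n' "$BLOCKLIST" | while read -r dest rest; do
        case $dest in ''|'#'*) continue ;; esac
        if valid_dest "$dest"; then
            printf '%s\n' "$dest"
        else
            printf 'skipped invalid entry: %s\n' "$dest" >&2
        fi
    done | sort -u | while read -r dest; do
        # ipchains takes the port after the destination address
        printf 'ipchains -A forward -p tcp -d %s 80 -j DENY\n' "$dest"
    done
}

gen_rules
```

Every address a site moves to or adds needs another line in the list, which is the maintenance cost the reply describes.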