On Sat, 1 Aug 2015 11:48:15 +0200, Alan McKinnon wrote:

> There's a few ways around it:
>
> 1. Rethink your firewalling policy. Maybe you really don't need to block
> stuff and just think you do.
>
> 2. Do a DNS lookup and check the TTL. If it's high, say 86400 then it
> cannot change more than once a day. So you only need to do a lookup once
> a day. Write or get a script that looks up your banned domains every so
> often, gets the new IP if it changed and reload a new netfilter rule
> set.
>
> #2 is the correct approach for large firewalls with many users but does
> involve a quite sophisticated codebase, probably way more than you need
> for your 1 pc. Which brings us back to #1

3. If you just want to block a few domains for all users of a computer,
add them to /etc/hosts, pointing to 127.0.0.1 or somewhere similarly
useless.

If you only want to block web access, maybe something like squid or
dansguardian is more suited to your needs.

-- 
Neil Bothwick

Linux like wigwam. No windows, no gates, Apache inside.
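
The lookup-and-reload loop from option 2 in the quoted message, as an added example that is not part of either poster's message. It assumes resolver answers in the `dig +noall +answer` layout; the chain name `BLOCKED` and the sample domains and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input lines use the `dig +noall +answer NAME A` layout:
#   name  TTL  class  type  rdata

# Constructed sample answers (reserved example domains and addresses).
SAMPLE_ANSWERS='ads.example.com. 300 IN A 192.0.2.10
ads.example.com. 300 IN A 192.0.2.11
tracker.example.net. 86400 IN CNAME edge.example.net.
edge.example.net. 3600 IN A 198.51.100.7'

# Unique IPv4 addresses from the A records on stdin. Anything that is not
# digits and dots is dropped so resolver data never lands in a rule verbatim.
blocked_ips() {
    awk '$4 == "A" && $5 ~ /^[0-9.]+$/ { print $5 }' | sort -u
}

# Smallest TTL on stdin: the soonest any answer in the chain may change,
# so the longest the next lookup can safely wait (in seconds).
min_ttl() {
    awk 'NR == 1 || $2 + 0 < min { min = $2 + 0 } END { print min + 0 }'
}

# Rule set in iptables-restore format for a dedicated chain.
# BLOCKED is a hypothetical chain name; OUTPUT must jump to it.
build_rules() {
    echo '*filter'
    echo ':BLOCKED - [0:0]'
    blocked_ips | while read -r ip; do
        echo "-A BLOCKED -d $ip/32 -j REJECT"
    done
    echo 'COMMIT'
}

# True when the freshly built rule file ($2) differs from the loaded one ($1),
# including when no previous file exists. Reload only in that case.
rules_changed() {
    ! cmp -s "$1" "$2"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_ANSWERS" | build_rules
echo "next lookup in $(printf '%s\n' "$SAMPLE_ANSWERS" | min_ttl) seconds"
```

A caching resolver reports the remaining TTL rather than the zone's full value, so the interval from `min_ttl` is an upper bound on how long the answer stays valid. Load the generated file with `iptables-restore --noflush` only when `rules_changed` succeeds.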

