I have asked this before and have blocked AIM and others but am wondering if there is an easier way? In iptables (I think you can do this) I could block by URL. But that is another rule and DNS lookup that the FW has to do. Why not change those addresses on the internal DNS to point to something bogus? Like login.oscar.aol.com for AIM would point to a bogus internal address. Would this work? That way the ports wouldn't matter. I would just need to find out what URL the IM is looking for.
Is this possible? IIRC all the IMs need to log in to some server. So blocking that server would be fairly easy w/ a false DNS lookup. That way I don't have to continually look up the new IPs of the URL, and blocking the ports (which is impossible for some IMs) would be unnecessary. And one of them uses the NNTP protocol for communication. We use news servers so I can't block that. Any input? BTW, we have complete control over the internal DNS and lookups go to that computer. sim
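The DNS-override approach the question describes, worked through as an added example (not code from the original post): a small POSIX shell script that generates a BIND response-policy zone (RPZ, available in BIND 9.8 and later) which answers lookups for the IM login hostnames with an internal sinkhole address instead of the real one, so it does not matter which ports or IPs the client uses. Only login.oscar.aol.com comes from the post; the zone name rpz.local, the sinkhole address 192.0.2.1 (a TEST-NET-1 address), the second hostname and the file path are assumptions to be replaced with local values.

```shell
#!/bin/sh
# Added example, not from the original post. Generates a BIND RPZ zone that
# sinkholes IM login hostnames on the internal resolver.
# Assumptions: BIND 9.8+ with RPZ support, zone name "rpz.local", and a
# sinkhole host at 192.0.2.1 (constructed TEST-NET-1 address).

SINKHOLE_IP="192.0.2.1"
RPZ_ZONE="rpz.local"

# Hostnames to override. login.oscar.aol.com is from the post; the second
# entry is a constructed placeholder. Find the real names with a packet
# capture or the resolver's query log while a client logs in.
BLOCKED_HOSTS="login.oscar.aol.com
messenger.example.invalid"

# Emit the RPZ zone file. Each blocked name gets an A record pointing at the
# sinkhole, plus a wildcard so any sub-name under it is caught as well.
# (Using "CNAME ." instead of an A record would return NXDOMAIN.)
rpz_zone_file() {
    printf '$TTL 300\n'
    printf '@ IN SOA localhost. root.localhost. (1 3600 900 604800 300)\n'
    printf '@ IN NS localhost.\n'
    for h in $BLOCKED_HOSTS; do
        printf '%s IN A %s\n' "$h" "$SINKHOLE_IP"
        printf '*.%s IN A %s\n' "$h" "$SINKHOLE_IP"
    done
}

# Emit the named.conf pieces: the zone definition and the response-policy
# statement. The response-policy line belongs inside the existing options
# block; it is printed here as a fragment to merge, not a second block.
named_conf_fragment() {
    printf 'zone "%s" { type master; file "/etc/bind/db.%s"; };\n' \
        "$RPZ_ZONE" "$RPZ_ZONE"
    printf 'response-policy { zone "%s"; };\n' "$RPZ_ZONE"
}

# Print both so the script is useful when run directly.
rpz_zone_file
named_conf_fragment
```

Two things a practitioner would check before relying on this: the sinkhole address should be a host that actually answers (or refuses) connections, so clients fail quickly instead of hanging on a timeout, and the resolver should log hits on the RPZ zone (BIND's `rpz` logging category) so you can see which machines are still trying. The override only works for clients that use the internal DNS; a client with a hard-coded server IP or a manually set external resolver bypasses it, so it is best paired with a firewall rule allowing outbound port 53 only from the internal resolver.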