Rob Ogle wrote:
> I want to block users from getting to the internet with the exception of a
> handful of websites.
> I'm using:
> ACCEPT loc net:www.weather.com tcp 80
>
> This works fine for some sites, but with sites like the weather channel, I
> only get partial content. I've looked at the source code and found that they
> use a lot of sub domains like images.weather.com. Other sections, even pull
> from domains other than their own or specific ip addresses (that seem to
> rotate).
>
> I've currently got a section of rules allowing about 15 different ip
> addresses out, but the addresses are changing every few days.
>
> What is the best way around this? (Other than constantly monitoring the
> shorewall log and adding ip addresses to the rules)

This is better done in your proxy server than in a packet filter like netfilter. I would suggest using a transparent proxy server setup as per http://www.shorewall.net/Shorewall_Squid_Usage.html

--
Paul
<http://paulgear.webhop.net>
--
Did you know? Linux is a completely free operating system that provides a vast array of software "out of the box", and represents a viable alternative to expensive proprietary software. For more details, see: http://consumer.hardocp.com/article.html?art=MTI5OCwxLCxoY29uc3VtZXI=
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
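
A sketch of the proxy-based approach suggested in the reply, added here as an illustration and not taken from the thread: Shorewall redirects outbound HTTP to Squid, and Squid allows sites by domain name instead of by IP address. It assumes Squid runs on the firewall host on port 3128 with Squid 3.1+ syntax; the LAN range and the second domain are constructed placeholders.

```conf
# --- /etc/shorewall/rules ---
#ACTION    SOURCE   DEST   PROTO   DEST PORT(S)
# Send all outbound HTTP from the local zone to the proxy on the firewall.
REDIRECT   loc      3128   tcp     www
# Let the proxy itself fetch pages on behalf of clients.
ACCEPT     $FW      net    tcp     www

# --- /etc/squid/squid.conf ---
# Interception mode (older Squid 2.6 releases used "transparent" here).
http_port 3128 intercept

# Constructed LAN range; replace with the real local network.
acl localnet src 192.168.1.0/24

# A leading dot matches the domain and every subdomain, so
# www.weather.com and images.weather.com are both covered, and the
# match is on the requested host name, not on whatever IP address
# the site resolves to this week.
acl allowed_sites dstdomain .weather.com

# Third-party hosts the pages pull from are added by name as well
# (placeholder domain shown).
acl allowed_sites dstdomain .example-cdn.invalid

# Order matters: the allow rule must come before the final deny.
http_access allow localnet allowed_sites
http_access deny all
```

This covers plain HTTP on port 80 only, and the loc-to-net policy still has to reject direct connections so that clients cannot go around the proxy.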
