On 12/07/12 08:50, I.S.C. William wrote:
> It is possible to block a site by domain name?
>
> for example:
>
> REJECT loc net:www.domin1.com tcp 443
> REJECT loc net:www.domin2.com tcp 80
>
> It can be IP, but at the same wonder if you can just by domain name.

You can do this, but it is not recommended because:

1. The name is resolved to an IP address on startup, and after that only the IP is used. So if the site changes addresses, this will become ineffective until you restart shorewall.

2. If you don't have working DNS resolution on startup, shorewall will fail to start.

Because of this, you're much better off redirecting all browsing through a local proxy and blocking it there with squidGuard, Dan's Guardian, or something similar.

Paul

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
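
Added example, not part of the original message and not Shorewall's own code: a small Python lint that finds DNS names in the SOURCE and DEST columns of a rules file, which are the entries that get resolved only at startup as described in the reply above. It assumes IPv4 rules in the `zone[:interface][:address-list]` form; the function names and the sample rules are constructed for illustration.

```python
import ipaddress
import re

# Hostname shape: dot-separated labels ending in an alphabetic TLD.
# An interface name such as eth0.10 ends in digits and is not matched.
HOSTNAME = re.compile(r"^(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

# Constructed sample, shaped like the rules in the question.
SAMPLE_RULES = """\
# block two sites by name, plus some address-based rules
?SECTION NEW
REJECT  loc  net:www.domin1.com   tcp  443
REJECT  loc  net:www.domin2.com   tcp  80
REJECT  loc  net:192.0.2.10,198.51.100.0/24  tcp  80
ACCEPT  loc:10.0.0.1-10.0.0.9  net  tcp  22
DROP    net:+blocklist  fw
"""


def is_address(token):
    """True for an IPv4 host, a CIDR network, or an a-b address range."""
    try:
        for part in token.split("-", 1):
            ipaddress.ip_network(part, strict=False)
        return True
    except ValueError:
        return False


def dns_names_in_rules(text):
    """Return (line_no, column, name) for each DNS name in SOURCE or DEST."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        # Skip blanks, comments, ?directives and SECTION headers.
        if len(fields) < 3 or fields[0].startswith("?") or fields[0] == "SECTION":
            continue
        for column, spec in (("SOURCE", fields[1]), ("DEST", fields[2])):
            # Drop the zone, then inspect every remaining colon-separated part.
            for part in spec.split(":")[1:]:
                for token in part.split(","):
                    token = token.lstrip("!")  # exclusion marker
                    # '+' ipset, '~' MAC, '&' interface address: not DNS names.
                    if token[:1] in "+~&" or is_address(token):
                        continue
                    if HOSTNAME.match(token):
                        findings.append((line_no, column, token))
    return findings


if __name__ == "__main__":
    for line_no, column, name in dns_names_in_rules(SAMPLE_RULES):
        print(f"line {line_no}: {column} uses DNS name {name} (resolved only at startup)")
```
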
