Generic

ID #1166

How I can block access from local net to global URL

FREESCO does not support blocking based on an URL, to have that kind of functionality, you must install a HTTP proxy server like squid or privoxy.

Solution #1
Add-on packages for proxy servers are available on FREESCOSoft

Solution #2

There are ways to block access to a certain domain without installing a proxy, by enabling the caching DNS service in FREESCO and adding bogus host entries in the /etc/hosts file.

An entry like this in the hosts file will f.i. redirect that site to localhost:

127.0.0.1<TAB>www.porn.com

Where <TAB> is a TAB character

Of course there's no one that can prevent the client computer to configure using another DNS server (like the ISP's name server).

Solution #3
A firewall rule can be added to block access on IP address, but when the site moves to another provider, you'll have to edit the rule list.

Add a rule like this in the firewall section of your rc_user script:

ipfwadm -O -a deny -P all -S (network address)/(network subnetmask) -D xxxx/32

Where xxxx is the IP address of the remote site (use ping or nslookup to find the IP address of a site). A specific example for www.porn.com and a 10.0.x.x LAN would be:

ipfwadm -O -a deny -P all -S 10.0.0.0/16 -D 81.20.32.88/32

save changes and type rc_masq restart to reload the firewall.

Is there a way to add a site to the ban list for incoming connections only?

Last update: 2004-12-14 15:50
Author: dingetje
Revision: 1.0

Print this record Print this record
Send to a friend Send to a friend
Show this as PDF file Show this as PDF file
Export as XML-File Export as XML-File

Please rate this entry:

Average rating: 5 from 5 (1 Votes )

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry