blocking specific websites, but allowing internet access

poiuytrewq · 12-04-2004, 03:08 AM

hi, i have a machine that i would like to be able to block access to certain websites on (per user or machine wide will work) but i still want to allow access to all of the internet.

is there an easy way to do this?

using:
fedora core 2
firefox 1.0-1

musicman_ace · 12-04-2004, 03:24 AM

set the site in the hosts file to be spoofed

127.0.0.1 blockedsite.com

I'm going to try using IPtables when I get the chances, something like

IPTABLES -A OUTPUT -d hotmail.com -reject-with icmp-host-unreachable

I've searched this site, and someone posted the iptables method, but I have never actually tried it. If it works, I'm going to use a blacklist of websites and create a script to block more than 200 sites.

poiuytrewq · 12-04-2004, 03:35 AM

thanks for the help, but i have tried that, it does not seem to work, what do i need to do to make it take effect? (i typed everything correctly, i promise)

poiuytrewq · 12-04-2004, 03:42 AM

this for instace:

Code:

 #
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!

ALL:ALL

had no effect

musicman_ace · 12-04-2004, 04:50 AM

Put squid on the firewall/gateway and do content filtering through squid

EnigmaOne · 12-04-2004, 07:00 PM

Quote:

Originally posted by poiuytrewq
thanks for the help, but i have tried that, it does not seem to work, what do i need to do to make it take effect? (i typed everything correctly, i promise)

Yeah....hosts.deny won't have any effect....you want to edit /etc/hosts as was illustrated previously. Just point the blocked site to the loopback addy, and save the file.

In some cases, I've run into situations where I have to enter multiple permutations of the site name (subdomains, etc) to get the desired effect. You don't have to do anything but save the file, and it'll be in effect immediately.

Such is life with kids in the house.

and my hosts file passed 300KB in size a while back.

fakie_flip · 08-31-2006, 11:45 PM

What am I doing wrong? I haven't been able to block any websites.

Code:

ubuntu@ubuntu:~$ IPTABLES -A OUTPUT -d hotmail.com -reject-with icmp-host-unreachable
bash: IPTABLES: command not found
ubuntu@ubuntu:~$ iptables -A OUTPUT -d hotmail.com -reject-with icmp-host-unreachable
iptables v1.3.3: Unknown arg `hotmail.com'
Try `iptables -h' or 'iptables --help' for more information.
ubuntu@ubuntu:~$