How to block ALL websites except 2

glenn69 · 09-03-2008, 01:51 PM

I would like to allow access to only 2 webites on my computer.

What is the simplest way to accomplish this?

Thanks

w3bd3vil · 09-03-2008, 02:05 PM

I think if you play around with OpenDNS you will manage to achieve that in no time.
opendns.com

Just block all networks and then set the two domains you want to always allow on your opendns account.

DotHQ · 09-03-2008, 02:11 PM

modify /etc/sysconfig/iptables
The following entries allow traffic from the two domains listed.

-A INPUT -s 172.35.111.239 -j ACCEPT
-A INPUT -s 172.35.111.233 -j ACCEPT

Also, use the /etc/hosts.allow and /etc/hosts.deny.
In the hosts.deny file you want to deny all by saying
all:all
The host.allow file migh tlook something like the one below. You need to add your IP's for each of the service you will be runnning. Add the netmask also.
#
# hosts.allow file for App Servers
#
ALL: localhost
in.rshd: 172.35.111.233/255.255.255.224 etc.... for each line.
bpcd:
bpbkar:
portmap:
lockd:
mountd:
rquotad:
statd:
snmpd:

glenn69 · 09-03-2008, 02:31 PM

Quote:

modify /etc/sysconfig/iptables

I do not have a directory named sysconfig. I am using Mepis Antix. Should I make the file?

jkzfixme · 09-03-2008, 02:58 PM

I would use a proxy server like squid, wich is also easily administered with webmin

Regards
JKZfixme

DotHQ · 09-03-2008, 03:13 PM

Quote:

Originally Posted by glenn69

I do not have a directory named sysconfig. I am using Mepis Antix. Should I make the file?

No, I doubt that would work. The files I mentioned are on the distros I work with. I 'thought' they were pretty universal. I was wrong.

Setting up a proxy sounds like another way to accomplish the task.

voger · 09-03-2008, 04:24 PM

Maybe a stupid idea but how about playing with /etc/hosts.allow and /etc/hosts.deny?
http://www.itc.virginia.edu/unixsys/sec/hosts.html

secretlydead · 09-21-2015, 06:25 AM

Use dnsmasq. This is a really neat service.

On Debian/Ubuntu/Mint:

Code:

sudo apt-get install dnsmasq

edit /etc/dnsmasq.conf

add this line to make all sites redirect to localhost:

Code:

address=/#/127.0.0.1

add these lines to make specific sites use the DNS server at 8.8.8.8:

Code:

server=/allowed.com/8.8.8.8

then restart the dnsmasq service:

Code:

sudo service dnsmasq restart

Kernel009 · 12-12-2019, 12:56 PM

Quote:

Originally Posted by secretlydead

Use dnsmasq. This is a really neat service.

On Debian/Ubuntu/Mint:

Code:

sudo apt-get install dnsmasq

edit /etc/dnsmasq.conf

add this line to make all sites redirect to localhost:

Code:

address=/#/127.0.0.1

add these lines to make specific sites use the DNS server at 8.8.8.8:

Code:

server=/allowed.com/8.8.8.8

then restart the dnsmasq service:

Code:

sudo service dnsmasq restart

Old thread but definitely one I needed to find! This almost does exactly what I am looking for - I need to block all web traffic but unfortunately this stops incominb TeamViewer sessions from working on the machine. Has anyone run into this and solved it? I'll of course keep digging but wanted to post here in case someone has invented that wheel already. I guess what I'm looking for is a way to disallow ALL EXCEPT, not just ALL. Or maybe it's a port that needs to be opened in the config?

Hm, think I actuall6y figured it out right after posting... seems the SERVER line does work on top of the ADDRESS line... I added server=/teamviewer.com/8.8.8.8 and restarted and it allowed it to connect!