Quote:
Originally Posted by jlinkels
Blocking the IP of gmail is next to impossible as these large sites often use a range of IP addresses.
Well, that's the point of the question, isn't it? Stop the DNS query that gets one of the range in the first place. Not foolproof of course, but what you're asking is fairly simple and totally possible. If you use the string module in iptables and also match on port 53, then you can easily drop any packet being passed through the router on port 53 which contains the string relevant to the domain you want...
Code:
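# --algo is mandatory for -m string; the name is written in DNS wire format (length-prefixed labels, no dots)
iptables -I FORWARD -p udp --dport 53 -m string --algo bm --hex-string "|0b|chatenabled|04|mail|06|google|03|com" -j DROP
I guess this would work, not tested though... again not the best solution, but a start...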
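
A DNS query carries the name as length-prefixed labels rather than dotted text, so a string-match rule has to use that encoding. The shell helper below is an added example, not part of the original post; the function names `dns_hex_string` and `dns_block_rules` are hypothetical, and it only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: build the iptables --hex-string pattern for a domain's
# DNS wire-format encoding and print (not apply) matching DROP rules.
export LC_ALL=C   # byte-wise lengths and plain ASCII ranges

dns_hex_string() {
    name=${1%.}                       # drop an optional trailing dot
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    pattern=""
    rest=$name
    while :; do
        label=${rest%%.*}
        len=${#label}
        # every DNS label is 1..63 bytes long
        [ "$len" -ge 1 ] && [ "$len" -le 63 ] || return 1
        # letters, digits, '-' and '_' only; this also rejects '|',
        # which would break the hex-string syntax
        case $label in
            *[!A-Za-z0-9_-]*) return 1 ;;
        esac
        # length byte in hex between pipes, then the label as literal text
        pattern="${pattern}|$(printf '%02x' "$len")|${label}"
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   break ;;
        esac
    done
    printf '%s\n' "$pattern"
}

dns_block_rules() {
    pat=$(dns_hex_string "$1") || return 1
    # DNS also runs over TCP port 53, so print a rule for both protocols.
    # --icase covers resolvers that randomise the letter case of queries.
    for proto in udp tcp; do
        printf 'iptables -I FORWARD -p %s --dport 53 -m string --algo bm --icase --hex-string "%s" -j DROP\n' \
            "$proto" "$pat"
    done
}

# Demonstration with the domain from the post: prints two rules.
dns_block_rules chatenabled.mail.google.com
```

The pattern has no terminating zero byte, so it matches any query name in which these labels appear consecutively. Clients that resolve through an encrypted channel (DNS over HTTPS or TLS) never send a plaintext query on port 53 and are not affected by such a rule.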