Gabriel M Dragffy
dragffy at yandex.ru
Fri Sep 1 14:36:13 UTC 2006
On Thu, 2006-08-31 at 23:09 -0500, Chris Lemire wrote:
> Is there any better way to block websites than using iptables? I would
> like to block all website's on the myspace server. I'd also like to
> block all instant messaging chatting from this computer. This computer
> is also running windows in VMware server, so I'd like to block myspace
> from being used from it too. If I use iptables to block myspace, it
> will block it from any web browser even if the web browser is IE6
> running in VMware Server right? I got this ip using ping. How can I
> block all of it sending and coming to this computer?
> ubuntu at ubuntu:~$ ping www.myspace.com
> PING www.myspace.com (18.104.22.168) 56(84) bytes of data.
> 64 bytes from 22.214.171.124: icmp_seq=1 ttl=244 time=115 ms
> 64 bytes from 126.96.36.199: icmp_seq=2 ttl=244 time=156 ms
> --- www.myspace.com ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 1005ms
> rtt min/avg/max/mdev = 115.457/136.140/156.823/20.683 ms
> ubuntu at ubuntu:~$
You're right about IP tables, and if you don't have too many IPs that
you'd like to filter it's probably easiest, certainly much easier than
configuring your own proxy server. To make configuring IPTABLES easier
I'd recommend you take a look at firehol in my opinion it's the best
thing sinced sliced bread for taking care of firewall rules, it can even
accept normal IP tables commands but it has it's own blacklist too.
Blocking IM from the computer may be more difficult. You could configure
the firewall to only allow certain outgoing services such as https/http,
but then most IM clients can use and outbound connection with that if
you configure them right. You may have to also blacklist the various
destination IPs for the chat clients.
More information about the ubuntu-users