From: Alan M. <am...@hw...> - 2008-04-27 18:33:20

Paul Gear wrote:
> Alan Madill wrote:
>
>> I have a request from a client to block access from the local network to
>> a specific web site (facebook). I know the documentation states that I
>> would be better off using squid but I don't want to add another
>> application just to filter traffic to 2 or 3 addresses.
>>
>> This is what I have and it seems to work.
>>
>> zones
>> net ipv4
>> blk:net ipv4
>>
>> hosts
>> blk eth1:69.63.176.11,69.63.176.10,204.15.20.80
>> ...
>> I am just wondering if there is a simpler or better way.
>>
>
> If you want to do it dynamically, 'shorewall drop 204.15.20.80' would
> probably be better, although note that it:
> - only drops incoming packets, and
> - doesn't persist across shorewall restarts
>

I tried the blacklist approach first. It doesn't block traffic through the firewall, just to the firewall.

> See http://linuxman.wikispaces.com/fail2ban for what I did to get
> fail2ban to drop traffic in both directions.
>

That looks useful. A slightly different approach is with rascals - http://scott.wiersdorf.org/blog/sysadmin/rascals.html

> Paul
>
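The following is an added illustration, not part of Alan's or Paul's messages, of how the nested-zone configuration quoted above could be completed so that the blocking is done on forwarded traffic rather than on traffic to the firewall itself. The zones and hosts lines are the ones from the thread; the interfaces file (LAN on eth0, Internet on eth1), the fw and loc zones, and the policy file are assumptions, since the original message elides that part with "...".

```shorewall
# /etc/shorewall/zones  (assumed layout; blk is a child zone of net, as in the thread)
#ZONE   TYPE        OPTIONS
fw      firewall
loc     ipv4
net     ipv4
blk:net ipv4

# /etc/shorewall/interfaces  (assumed: LAN on eth0, Internet on eth1)
#ZONE   INTERFACE   BROADCAST   OPTIONS
loc     eth0        detect
net     eth1        detect

# /etc/shorewall/hosts  (addresses from the thread; blk is only these hosts behind eth1)
#ZONE   HOST(S)                                         OPTIONS
blk     eth1:69.63.176.11,69.63.176.10,204.15.20.80

# /etc/shorewall/policy  (assumed)
# Keep the loc->blk DROP above the loc->net ACCEPT so the more specific
# zone is matched first; the 'info' log level records each blocked attempt
# in syslog, which is what makes the block verifiable from the firewall.
#SOURCE DEST    POLICY  LOG LEVEL
loc     blk     DROP    info
loc     net     ACCEPT
fw      all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
```

Because the policy applies to the loc zone as the source, it affects packets forwarded from the LAN, unlike the dynamic blacklist discussed in the thread, which only acts on traffic arriving at the firewall. Run `shorewall check` before `shorewall restart` to catch syntax errors in the edited files. One caveat worth keeping in mind with this approach: a site's addresses can change over time, so a static hosts list like this one needs to be reviewed periodically or the block silently stops working.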