[CentOS] IPTABLES and Hi-Risk blocking

Fri Nov 27 17:28:37 UTC 2009
James B. Byrne <byrnejb at harte-lyne.ca>

We are considering whether or not to block internal access to social
networking and private entertainment web sites.  This is not a policy
decision as of yet, just an exploratory exercise.

Our gateways run CentOS-5.4 and use iptables to enforce firewall
rules.  The information that we wish to determine is whether or not
it is feasible to block sites such as facebook, youtube, twitter,
etc. using iptables.  Is there a superior method?  Does there exist
already a generally accepted utility or method for accomplishing
this?

At the present time we only block outgoing traffic for a handful of
internal hosts that should never have any reason to generate traffic
destined outside the lan.  But now we are advised by some
authorities that facebook and similar sites are considered security
risks to hosts that are used to access them.

Without debating the merits of such claims, how would one proceed to
block internal network access to specific domain names using CentOS?

Sincerely,

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
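One way to do what the post asks about with plain iptables on a CentOS-5 gateway, as an added example that is not part of the original message: resolve each listed domain to its current IPv4 addresses and generate REJECT rules for web traffic to those addresses in a dedicated chain hooked into FORWARD. The interface name eth1, the chain name HIRISK_BLOCK and the domain list are assumptions for illustration; the script only prints the iptables commands so they can be reviewed before being run as root.

```shell
#!/bin/bash
# Added example (not from the original post): build iptables rules that stop LAN
# hosts from reaching a list of blocked web sites, by resolving each domain name
# to its current IPv4 addresses and REJECTing forwarded web traffic to them.
# Assumptions (hypothetical): LAN_IF is the gateway's LAN-facing interface and
# HIRISK_BLOCK is a chain name chosen for this purpose.
set -u

LAN_IF="${LAN_IF:-eth1}"
BLOCK_CHAIN="${BLOCK_CHAIN:-HIRISK_BLOCK}"
# Resolver function used by rules_for_domains; overridable so the generator can
# be exercised without network access.
BLOCK_RESOLVER="${BLOCK_RESOLVER:-resolve_ipv4}"

# Print the IPv4 addresses a name currently resolves to, one per line.
# getent uses the system resolver (/etc/hosts, then DNS) and exists on CentOS 5.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{ print $1 }' | sort -u
}

# Emit the one-time chain setup: create the chain (ignoring "already exists"),
# flush it so repeated runs replace rather than accumulate rules, and hook it
# into FORWARD for traffic arriving from the LAN. iptables on CentOS 5 has no
# -C option, so the hook is de-duplicated with a grep over the rule listing.
chain_setup() {
    printf 'iptables -N %s 2>/dev/null\n' "$BLOCK_CHAIN"
    printf 'iptables -F %s\n' "$BLOCK_CHAIN"
    printf 'iptables -L FORWARD -n | grep -q %s || iptables -I FORWARD -i %s -j %s\n' \
        "$BLOCK_CHAIN" "$LAN_IF" "$BLOCK_CHAIN"
}

# For each domain given as an argument, emit one REJECT rule (HTTP and HTTPS)
# per resolved address. Names that resolve to nothing get a warning comment
# instead of a rule, so a DNS failure does not silently unblock a site on the
# next refresh.
rules_for_domains() {
    local domain ip count
    for domain in "$@"; do
        count=0
        for ip in $("$BLOCK_RESOLVER" "$domain"); do
            printf 'iptables -A %s -d %s -p tcp -m multiport --dports 80,443 -j REJECT --reject-with icmp-host-prohibited # %s\n' \
                "$BLOCK_CHAIN" "$ip" "$domain"
            count=$((count + 1))
        done
        if [ "$count" -eq 0 ]; then
            printf '# WARNING: %s resolved to no IPv4 address; no rule emitted\n' "$domain"
        fi
    done
}

# Usage: ./hirisk-block.sh facebook.com www.facebook.com youtube.com > rules.sh
# Review rules.sh, then run it as root (or pipe it into sh from cron to refresh
# the addresses periodically).
if [ $# -gt 0 ]; then
    chain_setup
    rules_for_domains "$@"
fi
```

The rules only cover the FORWARD path, i.e. LAN clients whose traffic is routed through the gateway, and they block by address, not by name: a site served from a CDN or a shared address pool changes addresses often and may share them with unrelated sites, so the list has to be regenerated regularly and a single stale or over-broad entry can block more or less than intended. This is the main weakness of doing domain blocking purely in iptables and the reason the generator refuses to emit nothing silently for a name that fails to resolve.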