[CentOS] IPTABLES and Hi-Risk blocking

Fri Nov 27 21:55:10 UTC 2009
Tim Nelson <tnelson at rockbochs.com>

----- "nate" <centos at linuxpowered.net> wrote:
> James B. Byrne wrote:
> 
> > Without debating the merits of such claims, how would one proceed
> to
> > block internal network access to specific domain names using
> CentOS?
> 
> Also hosting the domains on your internal name server and pointing
> them to some internal address so that they can't be resolved as
> well could work.
> 

I've used this many times where implementing a Squid proxy just wasn't an option. We ran an internal DNS server that was authoritative for any domains we didn't want users to access. Then, we use iptables to route all DNS traffic to that DNS server. Those domains would resolve, but to a specific IP that was configured to hand out a nastygram page saying "Blocked by the filter" etc...

Even when it isn't required at a particular installation, it's certainly fun to play with this at the office. :-)

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105