We are considering whether or not to block internal access to social networking and private entertainment web sites. This is not a policy decision as of yet, just an exploratory exercise.

Our gateways run CentOS-5.4 and use iptables to enforce firewall rules. The information that we wish to determine is whether or not it is feasible to block sites such as facebook, youtube, twitter, etc. using iptables. Is there a superior method? Does there exist already a generally accepted utility or method for accomplishing this?

At the present time we only block outgoing traffic for a handful of internal hosts that should never have any reason to generate traffic destined outside the LAN. But, now we are advised by some authorities that facebook and similar sites are considered security risks to hosts that are used to access them. Without debating the merits of such claims, how would one proceed to block internal network access to specific domain names using CentOS?

Sincerely,

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne          mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited    http://www.harte-lyne.ca
9 Brockley Drive        vox: +1 905 561 1241
Hamilton, Ontario       fax: +1 905 561 0757
Canada L8E 3C3