
Thread: How to block connection to specific host name?

  1. #11

    Default Re: How to block connection to specific host name?

    Originally Posted by hcvv:
    > As said earlier, I doubt.

    Then how do they block Google for a whole country (for example)? Or censor another website (with all its subdomains)?

    > See how important it is to explain your goal and not just pick some step and ask about that, believing that all other conditions are miraculously understood by others?

    The original question seems quite clear to me: It is in the title of the thread. Is it ambiguous?

    Originally Posted by malcolmlewis:
    > Hi
    > Where in your network... internal or external?

    I want to block LAN hosts from accessing a WAN host.

    > Using wicked or Network Manager?

    wicked

    > ...dnsmasq...

    I know nothing about this. Is it a solution which blocks/fakes the resolving of the name to IP address? If yes - that won't work as the user would still be able to connect directly by IP address as mentioned above.

  2. #12
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,398

    Default Re: How to block connection to specific host name?

    Originally Posted by heyjoe:
    > Then how do they block Google for a whole country (for example)? Or censor another website (with all its subdomains)?

    Well, ask them. It is not that easy as those who slip around it can tell you.
    In any case they will not block google.com or whatever, but IP addresses (ranges). And then they have to care for proxies, etc. No it is not that easy.

    Originally Posted by heyjoe:
    > The original question seems quite clear to me: It is in the title of the thread. Is it ambiguous?

    One does not connect to a host name. One connects to an IP address, that can be represented by one or more domain names for human convenience.
    Henk van Velden

  3. #13

    Default Re: How to block connection to specific host name?

    I understand.

    Well then, is there any way to have some program (script) which:

    - checks the IP addresses of the hostname upon boot and then periodically (e.g. every hour, or every N hours)
    - upon detected change: to insert the new IP address in a text file and "inject" proper iptables blocking rule

    ?

  4. #14
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,240
    Blog Entries
    15

    Default Re: How to block connection to specific host name?

    Originally Posted by heyjoe:
    > I understand.
    >
    > Well then, is there any way to have some program (script) which:
    >
    > - checks the IP addresses of the hostname upon boot and then periodically (e.g. every hour, or every N hours)
    > - upon detected change: to insert the new IP address in a text file and "inject" proper iptables blocking rule
    >
    > ?

    Hi
    But if the domain you're trying to block has multiple servers, likewise as you add more rules your internet access will get slower and slower....

    I would start with your hosts file first and see how that goes to achieve your goal, esp. if only looking at a few domains.

    You're far better to look at a whitelist rather than a blacklist, block everything and then allow, then you're not chasing your tail adding this, checking that.
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  5. #15

    Default Re: How to block connection to specific host name?

    Originally Posted by malcolmlewis:
    > Hi
    > But if the domain you're trying to block has multiple servers, likewise as you add more rules your internet access will get slower and slower....

    True.

    > I would start with your hosts file first and see how that goes to achieve your goal, esp. if only looking at a few domains.

    Seems to be the only option for now.

    > You're far better to look at a whitelist rather than a blacklist, block everything and then allow, then you're not chasing your tail adding this, checking that.

    Yeah, I thought about that too. Unfortunately creating a whitelist would be humanly impossible.

    Thank you guys. I understand it is a difficult task.

  6. #16
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,240
    Blog Entries
    15

    Default Re: How to block connection to specific host name?

    On Sat 13 Jan 2018 10:06:02 PM CST, heyjoe wrote:

    malcolmlewis;2851137 Wrote:
    > Hi
    > But if the domain you're trying to block has multiple servers, likewise
    > as you add more rules your internet access will get slower and
    > slower....

    True.

    >
    > I would start with your hosts file first and see how that goes to
    > achieve your goal, esp. if only looking at a few domains.
    >

    Seems to be the only option for now.

    >
    > You're far better to look at a whitelist rather than a blacklist, block
    > everything and then allow, then you're not chasing your tail adding
    > this, checking that.

    Yeah, I thought about that too. Unfortunately creating a whitelist would
    be humanly impossible.

    Thank you guys. I understand it is a difficult task.


    Hi
    So in your local /etc/hosts file you would add;

    Code:
    0.0.0.0 www.example.com
    0.0.0.0 example.com
    ::0 www.example.com
    ::0 example.com
    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    openSUSE Leap 42.3|GNOME 3.20.2|4.4.104-39-default


  7. #17

    Thumbs up Re: How to block connection to specific host name?

    Yes. Thanks Malcolm.

    Why is the ::0 necessary if 0.0.0.0 is there?

  8. #18
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,240
    Blog Entries
    15

    Default Re: How to block connection to specific host name?

    Originally Posted by heyjoe:
    > Yes. Thanks Malcolm.
    >
    > Why is the ::0 necessary if 0.0.0.0 is there?

    Hi
    That's for the ipv6 address....
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE

  9. #19
    Join Date
    Sep 2012
    Posts
    5,230

    Default Re: How to block connection to specific host name?

    Originally Posted by heyjoe:
    > Then how do they block Google for a whole country (for example)?

    For 99% of those involved in decisions about blocking, Internet is a synonym for WWW, so this can be done by deep packet inspection to look for host names in HTTP requests. Which of course stops working when you use HTTPS unless the provider applies man-in-the-middle to decrypt SSL traffic.

    Or they simply resolve the host name to IP addresses and block these IPs. Which leads to an excellent DoS possibility, as was demonstrated here half a year ago - a blocked domain entered in its DNS a list of public well-known hosts' IPs, including some government ones. Which were all blocked. And this method obviously punishes any shared web hosting where a single IP is shared by multiple virtual hosts.

    So (un-)fortunately there is no easy single way to do what you want. You need to decide for yourself what you actually want to achieve.

    > Or censor another website (with all its subdomains)?

    This is an example of the thinking I mentioned - Internet equals WWW. So do I understand you correctly that you want to block HTTP traffic? Or you really mean any traffic using any protocol?
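
Added example (not code from any poster in this thread): one way to plan the periodic resolve-and-block update asked about in post #13, with a guard against the DNS-controlled blocking abuse described in post #19. It goes beyond the thread by assuming `ipset` sets with the hypothetical names `blocked4` and `blocked6`; `PROTECTED` and `MAX_ADDRS` are illustrative values.

```python
import ipaddress
import socket

# Assumption: ranges that must never be blocked, whatever DNS returns.
# Add your own gateway, DNS resolvers and management hosts.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
MAX_ADDRS = 32  # assumption: a larger answer set is treated as suspicious


def resolve(hostname):
    """Return all IPv4 and IPv6 addresses the system resolver gives."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def set_name(addr):
    """Hypothetical ipset names, one set per address family."""
    return "blocked6" if addr.version == 6 else "blocked4"


def plan_update(resolved, current):
    """Diff fresh DNS answers against the addresses already blocked.

    Returns (lines for `ipset restore`, addresses refused by the guard).
    """
    if len(resolved) > MAX_ADDRS:
        raise ValueError("too many addresses returned; refusing to update")
    wanted, refused = set(), set()
    for text in resolved:
        addr = ipaddress.ip_address(text)
        if addr.is_unspecified or any(addr in net for net in PROTECTED):
            refused.add(addr)  # the name's owner pointed it at something we need
        else:
            wanted.add(addr)
    have = {ipaddress.ip_address(a) for a in current}
    lines = [f"add {set_name(a)} {a} -exist" for a in sorted(wanted - have, key=str)]
    lines += [f"del {set_name(a)} {a} -exist" for a in sorted(have - wanted, key=str)]
    return lines, sorted(str(a) for a in refused)


if __name__ == "__main__":
    # Constructed sample (documentation ranges), so this runs offline.
    fresh = {"203.0.113.10", "2001:db8::5", "192.168.1.1"}
    blocked = {"203.0.113.10", "198.51.100.7"}
    print(plan_update(fresh, blocked))
```

Run it from a timer with `resolve()` as input and pipe the returned lines to `ipset restore`; the sets must already exist (`hash:ip`, with `family inet6` for the IPv6 one). The firewall then needs only one rule per set, for example `iptables -I FORWARD -m set --match-set blocked4 dst -j REJECT` on the LAN gateway, so the rule count does not grow with the address list.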

  10. #20

    Default Re: How to block connection to specific host name?

    Originally Posted by malcolmlewis:
    > Hi
    > That's for the ipv6 address....

    Yes, I know. The question is: why is it necessary if another line says "this host resolves to 0.0.0.0"? In other words - is it possible for a host to resolve to 0.0.0.0 and still have another IPv6 address which resolves to something different from ::0?

    Originally Posted by arvidjaar:
    > Or you really mean any traffic using any protocol?

    That.

    I started this thread with the idea of creating a blacklist of known malicious or non-privacy respecting hosts (PRISMed) etc. But as I read the answers I understand that may be a stupid idea because those companies actually own so many domains that one can never really know who one connects to, i.e. the only answer may be TOR.
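
Added example (not from the thread) relating to the `::0` question at the top of this post: a name's IPv4 (A) and IPv6 (AAAA) records are independent of each other, so a hosts-file block list is worth checking per address family. The sketch below reports names pointed at the unspecified address for one family only; the sample hosts text is constructed.

```python
import ipaddress

# Constructed sample: example.com is covered for both families,
# www.example.com only for IPv4.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     www.example.com example.com   # IPv4 sinkhole
::0         example.com                   # IPv6 sinkhole
"""


def sinkholed_names(hosts_text):
    """Map address family (4 or 6) to names pointed at the unspecified address."""
    families = {4: set(), 6: set()}
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address; skip the line
        if addr.is_unspecified:  # 0.0.0.0 or :: (also written ::0)
            families[addr.version].update(name.lower() for name in fields[1:])
    return families


def single_family_gaps(hosts_text):
    """Return names blocked for IPv4 only and names blocked for IPv6 only."""
    fam = sinkholed_names(hosts_text)
    return {
        "ipv4_only": sorted(fam[4] - fam[6]),
        "ipv6_only": sorted(fam[6] - fam[4]),
    }


if __name__ == "__main__":
    print(single_family_gaps(SAMPLE_HOSTS))
```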
