
Thread: How to block connection to specific host name?

  1. #21
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,136

    Default Re: How to block connection to specific host name?

    Seeing that you do not want this for one system, but for all systems on a LAN going to the Internet, the most logical thing is to check in the router.

    A, very theoretical, solution then could be that the router resolves all destination IP addresses into hostnames and when the hostnames then are (or end in) a text that is in a blacklist, drop the packet.

    IMHO programming the router to one's needs is the key here.
    Henk van Velden
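
The check described in post #21, as an added example that is not part of the original post: reverse-resolve a destination IP and drop it when the name is, or ends in, a blacklisted name. The blacklist entries, the sample PTR table and all function names are constructed for illustration.

```python
import socket

# Constructed blacklist; the names are placeholders, not from the thread.
BLACKLIST = {"ads.example", "tracker.example.net"}


def normalize(name):
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def is_blacklisted(hostname, blacklist=BLACKLIST):
    """True if hostname is, or is a subdomain of, a blacklisted name.

    Matching walks whole DNS labels, so 'notads.example' does not match
    'ads.example' the way a plain str.endswith() test would.
    """
    labels = normalize(hostname).split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))


def system_reverse_lookup(ip):
    """PTR lookup through the system resolver; None when no name comes back."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def verdict(dest_ip, reverse_lookup=system_reverse_lookup, blacklist=BLACKLIST):
    """Return 'DROP', 'ACCEPT' or 'UNKNOWN' for one destination address."""
    name = reverse_lookup(dest_ip)
    if not name:
        # No PTR record: a reverse-lookup filter cannot classify this address.
        return "UNKNOWN"
    return "DROP" if is_blacklisted(name, blacklist) else "ACCEPT"


# Constructed PTR table (documentation address ranges) standing in for DNS.
SAMPLE_PTR = {
    "192.0.2.10": "cdn1.ads.example.",
    "192.0.2.11": "notads.example.",
    "198.51.100.7": "Tracker.Example.NET",
}

if __name__ == "__main__":
    for ip in [*SAMPLE_PTR, "203.0.113.5"]:
        print(ip, verdict(ip, SAMPLE_PTR.get))
```

The "UNKNOWN" result needs an explicit policy: an address with no PTR record gives a filter like this nothing to match on.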

  2. #22

    Default Re: How to block connection to specific host name?

    Quote Originally Posted by hcvv View Post
    IMHO programming the router to one's needs is the key here.
    Yes. I tried to approach this through the router. However as per the link, the script they give has caveats which make it practically very limited and hence useless. So I started to look for a way to do it on an openSUSE system and through trying to understand how it works to hopefully "translate" it somehow to the router's language (which I still need to learn).

  3. #23
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,278
    Blog Entries
    2

    Default Re: How to block connection to specific host name?

    IMO
    Should clarify reasonable objectives.

    So for instance,
    Most people, even businesses don't usually need to update the accuracy of their blocked addresses that often...
    After all, even if you were a malware author/owner you couldn't have IP addresses for your hosts changing every few minutes, hours or maybe even days... DNS caching servers might not update very often, even if they respect the TTL value you set for your records. In other words, very frequently changing name resolution mappings is counter-productive resulting in failures which is why you have name resolution in the first place.

    A very short (e.g. 10 second) TTL could be set, but that would practically force all queries to be directed directly or nearly so to your Primary DNS. Depending on what you'd consider an acceptable load, it <could> overwhelm a DNS server and would force name queries across very large distances.

    I don't know how much it's still used but years ago block lists were published, some involved a fee but there were also free, community lists that were updated approximately weekly. Everyone from firewall administrators to end users running special apps like Peerblock imported these lists regularly (Peerblock stopped using free block lists years ago, but the app still exists).

    So, that's one possible solution that's been around for eons...

    You should also understand beforehand that scripts to auto-generate and update dynamically any kind of security setting are risky, and besides missing some will also generate false positives. In certain situations this can have a major consequence like when I wrote these kinds of scripts to automatically block suspicious activity to a webserver... I quickly learned that there can be a certain amount of normal "extra" activity that can be misinterpreted as malicious and voila! - I had legitimate Users who were suddenly unable to access the website (until the block was removed) and would even block my attempt to remote into the machine to make fixes (resolved by re-assigning a new IP address to my machine).

    You can consider looking at Parental Control applications...
    Or, most Proxy Firewalls will easily support whitelisting and blacklisting IP addresses or FQDN, and sometimes are versatile enough to accept plugins for things like deep packet inspection. "Window screen" firewalls like iptables won't generally have the same capability as proxy firewalls but YMMV.

    IMO,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  4. #24

    Default Re: How to block connection to specific host name?

    Is it possible to handle this through AppArmor?
