 From:  "Eric Shorkey" <eshorkey at commonpointservices dot com>
 To:  "Massimo B." <ghiblone at tin dot it>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] More internet security
 Date:  Wed, 2 Jun 2004 09:00:37 -0400
OH!
I see what you are trying to accomplish now. You want to supply a list of
FQDNs on the internet that are not accessible to hosts on the LAN side. I
see what you mean now. The easiest way to do this on a mass scale is to run
your own DNS server. m0n0wall provides a dns relay service to dhcp clients,
but it is mainly designed to allow dhcp client hosts to reach each other by
name. It does allow you to add your own host names as well, so if you insist
on doing it within m0n0wall, this is probably the easiest way:

The config file is pure XML, so I suggest adding a few example host entries,
downloading your config file, and looking at it in a text editor. You should
be able to figure out the format pretty easily, and that will let you write
a script to alter your current hosts file into the necessary xml to
copy/paste into the config file. Then just restore your newly created config
file into your m0n0wall and you're done.



----- Original Message ----- 
From: "Massimo B." <ghiblone at tin dot it>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, June 02, 2004 8:34 AM
Subject: Re: [m0n0wall] More internet security


> > So, you're looking to prevent certain systems from reaching the
> > internet?
> Yes!!!
>
> > You can do that with normal firewall rules as well.
> Too complex... and the host file is very large!
> ... and update all clients/computers? It is not a good idea, more time
> required!
>
> > I guess all this really means is that I still don't understand the
> > question.
> Please see these links:
> http://webpages.charter.net/hpguru/
> http://www.mvps.org/winhelp2002/hosts.htm
>
> Bye.
> Massimo Bolsi.
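The conversion script suggested in the reply above, as an added example that is not part of the original message or of m0n0wall. The element names (`hosts`, `host`, `domain`, `ip`, `descr`) are an assumption about the DNS forwarder override format and should be checked against an exported config file, as the reply advises; the sample hosts text is constructed.

```python
import ipaddress
from xml.sax.saxutils import escape

# Constructed sample in hosts-file format (not taken from the linked lists).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1  localhost
127.0.0.1  ads.example.com  tracker.example.net   # two names on one line
0.0.0.0    bad.example.org
127.0.0.1  ads.example.com
not-an-ip  broken.example.com
127.0.0.1  intranet
"""

# Names that must keep resolving normally on the clients.
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Yield unique (ip, fqdn) pairs from hosts-file text."""
    seen = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address: skip the whole line
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            # Skip protected names, single-label names and duplicates.
            if name in SKIP or "." not in name or name in seen:
                continue
            seen.add(name)
            yield ip, name

def to_override_xml(text, descr="imported from hosts file"):
    """Render each pair as one override entry (element names are assumed)."""
    out = []
    for ip, fqdn in parse_hosts(text):
        host, domain = fqdn.split(".", 1)
        out.append("<hosts>\n"
                   f"\t<host>{escape(host)}</host>\n"
                   f"\t<domain>{escape(domain)}</domain>\n"
                   f"\t<ip>{escape(ip)}</ip>\n"
                   f"\t<descr>{escape(descr)}</descr>\n"
                   "</hosts>")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_override_xml(SAMPLE_HOSTS))
```

Diff the generated entries against the hand-made ones in the downloaded config before pasting them in and restoring it.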