 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Craig <news at craigio dot co dot uk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] RE: 1.1 is out!
 Date:  Mon, 23 Aug 2004 03:37:50 -0400
On Mon, 23 Aug 2004 08:11:29 +0100, Craig <news at craigio dot co dot uk> wrote:
> Great work, and a great project it does what it does on the tin and is a
> great tool used by people like me who certainly like to play around with a
> firewall as well as perfect piece for testing environments.
> 
> I have one request if possible, can a suggestion or feature be made to
> create a simple way of blocking DNS addresses?  I do have a requirement out
> in the field also to set up access to only allow certain websites.  I think
> incorporating this with m0n0wall or maybe use the technology to do this
> would provide certainly small sites affordable and realistic option.  Maybe
> not possible on the embedded platform but I think a viable on the PC format.
> 

This is more likely the task of a proxy server, not a firewall.  It
could be done on the firewall with some sort of proxy server.  I know
putting a proxy into m0n0wall and having transparent proxy redirection
support in m0n0wall have been discussed on the mailing list, and I've
seen you have mailed the list about it in the past as well.  I'll
leave that discussion for the developers.

You could effectively block specific sites if you're using m0n0wall as
your DNS server by putting in DNS forwarder entries for specific
undesirable sites.  Just redirect that specific hostname to some
invalid IP address, like 1.2.3.4.  Of course anybody wise enough to
either use a different DNS server, or edit their hosts file
accordingly, can easily get around this.  But the vast majority of
people won't be able to figure that out.

-Chris
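
The caveat in the reply above (a client pointing at a different DNS server) shows up on the firewall as DNS traffic that is not addressed to the m0n0wall itself. The following is an added example, not part of the original message: it scans constructed log lines in a simplified format (not m0n0wall's actual log output), and the LAN subnet and firewall address are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the original message): the firewall's LAN address,
# the LAN subnet, and a simplified "src:port -> dst:port proto" log format.
FIREWALL_LAN_IP = ipaddress.ip_address("192.168.1.1")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")

LINE_RE = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+(?P<proto>udp|tcp)\b",
    re.IGNORECASE,
)

# Constructed sample log lines (documentation address ranges for external hosts).
SAMPLE_LOG = """\
Aug 23 03:40:01 pass 192.168.1.10:53124 -> 192.168.1.1:53 udp
Aug 23 03:40:02 pass 192.168.1.23:40211 -> 198.51.100.53:53 udp
Aug 23 03:40:05 pass 192.168.1.23:40212 -> 198.51.100.53:53 tcp
Aug 23 03:40:09 pass 192.168.1.10:51000 -> 203.0.113.80:80 tcp
Aug 23 03:40:11 pass 192.168.1.42:39999 -> 203.0.113.53:53 udp
this line is malformed and is skipped
"""

def find_dns_bypass(log_text):
    """Return {client_ip: sorted external resolvers it queried directly}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) != 53:
            continue  # not a parseable DNS flow (UDP or TCP port 53)
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # octets out of range, treat as malformed
        # A LAN client talking DNS to anything but the firewall is not using
        # the DNS forwarder, so the host overrides never apply to it.
        if src in LAN_NET and dst != FIREWALL_LAN_IP:
            hits[str(src)].add(str(dst))
    return {client: sorted(dsts) for client, dsts in hits.items()}

if __name__ == "__main__":
    for client, resolvers in sorted(find_dns_bypass(SAMPLE_LOG).items()):
        print(f"{client} queried DNS servers other than the firewall: {', '.join(resolvers)}")
```

Hosts-file edits generate no DNS traffic at all, so this check does not see that second bypass.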