0

I'm trying to block all http/s traffic and whitelist a very small handful of websites. iptables works well to whitelist simple websites. It falls apart on the asynchronous client-to-other connections. Google does this a lot. Most of Google's apps will eventually ask the client to make an async connection to Google's *.1e100.net, which looks like a cloud service with hundreds or thousands of host records. And iptables doesn't fit this model at all.

Not a huge fan of solutions like OpenDNS. Any other good solutions for getting gmail to work? I'd prefer to stick with iptables realizing it's probably not to be.

Brian
    AFAIK there isn't an easy way, but listing all the 1e100.net IPs and then adding them all. You may feel more comfortable with a proxy, though. – Braiam Dec 10 '13 at 17:42

1 Answer

1

I vote for Braiam's suggestion. Use a proxy, like squid, in transparent mode. This means that you set your router to redirect all of the outbound http/s traffic to your proxy (except the proxy's own traffic, of course). For maximum ease, deploy your proxy on a machine other than your router. And yes, you can make both whitelists and blacklists and use wildcards, and they're much easier to maintain than an iptables list, and they won't break everything if you ever type a line wrong.

stoned
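The answer above describes the setup but shows no configuration. The script below is an added example, not code from the original post or from the Squid project: it generates a squid.conf fragment that allows only a whitelist (in squid's `dstdomain` syntax, where a leading dot covers the domain and every subdomain, so one line handles all of *.1e100.net), generates the iptables REDIRECT rules for the router, and includes a small `is_allowed` function that emulates `dstdomain` matching so the list can be sanity-checked offline. It assumes squid runs on the router itself (the answer's separate-box layout needs policy routing to get the packets to the proxy, which is not shown), that squid was built with OpenSSL so the ssl-bump peek-and-splice directives work, that the LAN interface is `lan0`, and that ports 3128/3129 are free. The whitelist entries and hostnames are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): transparent-squid whitelist for
# a Linux router. Assumptions: squid runs ON the router, squid is built with
# OpenSSL (ssl-bump peek/splice), the LAN interface is $LAN_IF, squid listens
# on 3128 (http) and 3129 (https). Domain list and hostnames are constructed.
LAN_IF=${LAN_IF:-lan0}

# Whitelist in squid dstdomain syntax: a leading dot matches the domain itself
# and every subdomain, so ".1e100.net" covers all of Google's async hosts.
WHITELIST="
.google.com
.googleapis.com
.googleusercontent.com
.gstatic.com
.1e100.net
"

# Emulates squid's dstdomain matching for an offline check of the list.
# Returns 0 when $1 would be allowed, 1 when it would be denied.
is_allowed() {
  host=$1
  for pat in $WHITELIST; do
    case $pat in
      .*)
        [ "$host" = "${pat#.}" ] && return 0      # the bare domain
        case $host in *"$pat") return 0 ;; esac  # any subdomain of it
        ;;
      *)
        [ "$host" = "$pat" ] && return 0         # exact host only
        ;;
    esac
  done
  return 1
}

# squid.conf fragment: the whitelist is allowed, everything else is denied.
# HTTPS is handled with peek-and-splice: squid reads the SNI name from the
# ClientHello, splices (passes through without decrypting) whitelisted
# hosts and terminates the rest, so no MITM certificate reaches clients.
squid_conf() {
  cat <<EOF
acl whitelist dstdomain "/etc/squid/whitelist.txt"
acl step1 at_step SslBump1

http_port 3128 intercept
https_port 3129 intercept ssl-bump cert=/etc/squid/squid.pem

http_access allow whitelist
http_access deny all

ssl_bump peek step1
ssl_bump splice whitelist
ssl_bump terminate all
EOF
}

# iptables rules for the router. PREROUTING only sees packets arriving on the
# LAN interface; squid's own outbound connections originate on the router and
# go through OUTPUT, so they are never redirected back into the proxy.
# The FORWARD rule is belt-and-braces for anything that escapes the NAT table.
iptables_rules() {
  cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80  -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 443 -j REDIRECT --to-ports 3129
iptables -A INPUT -i $LAN_IF -p tcp -m multiport --dports 3128,3129 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -p tcp -m multiport --dports 80,443 -j REJECT
EOF
}

# Stand-alone use: "sh whitelist.sh print" emits the whitelist file contents
# (one domain per line, for /etc/squid/whitelist.txt), the squid.conf
# fragment and the iptables commands for review before applying them.
if [ "${1:-}" = "print" ]; then
  printf '%s\n' $WHITELIST
  squid_conf
  iptables_rules
fi
```

Two caveats a practitioner will hit: with `ssl_bump terminate`, a client visiting a non-whitelisted HTTPS site sees a TLS handshake failure rather than a squid error page, and this only covers ports 80 and 443, so the router's FORWARD chain still needs a default-deny (with DNS and whatever else is needed explicitly allowed) or clients can reach HTTPS services running on other ports.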