Re: IPCHAINS Implementation

["Ambar Roy" <ambarroy@xxxxxxxxx>]

also note that in case you just wan't to block web access, then it is better
to set up transparent proxying with squid, and then letting squid do the
filtering. With squid you can set up simple rules for access blocking, with
ipchains, it is really difficult to block anything effectively. ipchains is
better suited for protecting your internal network, and disallowing access
to ppl from the internal network. Lets say you wan't to block all yahoo
sites. With squid, you just set up a rule for destination domain yahoo.com,
and then block it. with ipchains, you will surely go mad (yahoo seems to
have hundreds of ip addresses!!!!) My experience has been real good with
squid. (especially for things like banner ads, which choke up my net
connections, squid works real nice.. just disable doubleclick.net,
imgis.com, flycast.com, ads.*, ad.*, /banner/*, /adserve* and you will see
that all the users are really happy...)

Bye,
    /\ |\/| |3 /\ r
> The best option to achieve this without any major configuration changes is
> the implementation of ipchains.
>
> I have a very simple but good article on ipchains attached with this mail.
> Which will be enough for you to configure what you require.
> > Dear All,
> >
> > We are using LINUX server for last 7 months and with greate
> > results in Deepalaya. The process of communication and
> > documentation has become very effective for all Deepalaya
> > units all over Delhi. Now we are facing a problem. We have
> > to set up firewall at the minimum level. Like we want to
> > block some sites. Can anyone tell us how to do it. Please
> > tell us the easyest way so that we...with our moderate
> > knowledge on Linux can do it. We know that firewall can be
> > established at various levels. But we want to only block
> > some sites.