>
> And tomorrow, they will be hosted somewhere else -- using IP address
> filtering to stop this sort of thing is a never-ending job. That's why I
> prefer to use different solutions (such as Squid/Dansguardian).
I agree, Tom.
Tired of blocking those apps in Shorewall, I use this approach in certain
cases.
This is not such a "never-ending job", since apps have their server names
hard-coded into the app.
My internal clients use the FW's DNS server to resolve names, not the ISP's
DNS server.
So, put in your /var/named/chroot/etc/named.conf:
    zone "messenger.hotmail.com" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "gateway.messenger.hotmail.com" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
In this case, MSN Messenger never connects to the net (this is what I wanted).
In fact, it always tries to connect to 127.0.0.1, not the correct server.
As Jan Mulders stated, you could sniff Hopster to see if it tries to
resolve some domain name and use the same approach.
-Guilsson
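
An added example, not part of the original message: a small audit script that reads the zone stanzas above and reports how the firewall's resolver would treat a given client lookup. It assumes the stanza layout used in the message (type, then file) and that localhost.zone holds only an apex A record for 127.0.0.1; the test hostnames other than the two zones are constructed.

```python
import re

# Constructed sample: the two zone stanzas from the message above.
NAMED_CONF = '''
zone "messenger.hotmail.com" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "gateway.messenger.hotmail.com" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
'''

# Matches 'zone "<name>" IN { type master; file "<file>"' in that order,
# which is the layout used in the message (assumption for other configs).
ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"\s+(?:IN\s+)?\{\s*type\s+master\s*;\s*file\s+"([^"]+)"',
    re.I)

def sinkhole_zones(conf, zone_file="localhost.zone"):
    """Return the master zones served from zone_file, lower-cased, no trailing dot."""
    return {n.lower().rstrip(".") for n, f in ZONE_RE.findall(conf) if f == zone_file}

def classify(qname, zones):
    """Pick the most specific enclosing zone, matching on whole labels only.

    apex       -> answered from the zone file's apex record (127.0.0.1, assumed)
    below-apex -> resolver is authoritative; NXDOMAIN unless the zone file
                  defines the name, so the real server is still never returned
    forwarded  -> no local zone covers the name; it resolves normally
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return ("apex" if i == 0 else "below-apex", candidate)
    return ("forwarded", None)

if __name__ == "__main__":
    zones = sinkhole_zones(NAMED_CONF)
    for name in ("gateway.messenger.hotmail.com", "login.messenger.hotmail.com",
                 "notmessenger.hotmail.com"):
        print(name, classify(name, zones))
```

Running it against a list of names seen in the resolver's query log shows which lookups are already covered and which would still be forwarded upstream.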