Blocking Access to Particular Servers

Next: Blocking URLs Up: Configuring Access to Services Previous: Blocking Access to News

Blocking Access to Particular Servers

The Block Access to Server Setup Screen (Figure 4.42) allows you to block access to a particular service on a particular host at specified times/days. For example, you could block all WWW access to www.playboy.com during working hours by specifying host `www.playboy.com', service `http', and time specification `*/8-17'.

**Figure 4.42:** The Block Access to Server Setup Screen
$\includegraphics[width=14cm,height=10cm]{badsrv.ps}$

You can enter either ports or service names for the service, and either numeric addresses or symbolic domain names for the server. It is almost always better to use symbolic names, as the firewall will expand these to the full set of addresses that are associated with that name, useful for blocking access to distributed WWW sites or for when the IP addresses of blocked sites change.

You can also enter network addresses, by specifying the number of address bits to use after the address and separating these with a slash. For example, to block the entire 192.168.1.0 class C network, you would specify `192.168.1.0/24'.

You can also use text patterns to block access to servers based on their domain names; see Section 4.5 for details.

Next: Blocking URLs Up: Configuring Access to Services Previous: Blocking Access to News