Stuart Henderson wrote: > On 2006/01/22 12:39, Peter Fraser wrote: >> Rather than going to each machine an installing >> this hosts file in \windows\system32\drivers\etc >> I would rather have my firewall block these >> names instead. >> >> Please note the blocking has to be done on the name, >> not the ip address. > > You'll need to use a web proxy for this.
You COULD use a proxy for this (actually, it would have to be a more general proxy, not just web), but you can do this in simpler ways, too (which I would argue are at least as effective in real life than the more "technically perfect" proxy system). Just set up a "poisoned" DNS resolver to mangle resolution of any domain or subdomain you don't want people going to, which is what you are doing in a machine-by-machine basis with a hosts file: http://www.holland-consulting.net/tech/imblock.html I'm very fond of this idea of DNS mangling, both to eliminate things I find personally annoying, plus as an aid for managing other people's computers. See the "Disadvantages" section in that article for a list of limitations and disclaimers. Nick.
