Hi everyone! I'm currently developing a Data Loss Prevention (DLP) solution for Linux and I'm looking for effective methods to block outbound traffic to certain domains rather than just IP addresses. I know that `iptables` can successfully block fixed IPs, but domain-based blocking becomes tricky because of changing IPs and multiple A/AAAA records. What are the best strategies for implementing domain-based outbound blocking, especially for command line tools like `rsync` and `scp`? I'm open to suggestions involving DNS filtering, `nftables`, proxies, or any other approaches you think might work.
4 Answers
Have you tried OpenSnitch? It allows you to define block lists for domains—check out the GitHub page for examples. By the way, I'm curious about what you're building; it sounds intriguing!
If running a full DNS server sounds too heavy for your setup, you could add the domains you want to block directly in your routing table and point them to a non-functional IP. It’s a bit of a hack, but it might work for your situation.
You might want to consider solutions like Pi-hole or AdGuard. They can help with blocking those domains at the DNS level, which could be effective for your needs.
Another method is to run a local DNS server or modify the hosts file to block access to certain domains. However, keep in mind that tweaking the hosts file can also restrict inbound traffic.
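One way to implement the nftables route raised in the question, as an added example (not code from any of the posts above): resolve each domain to all of its current A/AAAA records and load them into timed nftables sets, so a periodic re-run (cron or a systemd timer) picks up changed records. The table and set names `dlp`, `blocked4` and `blocked6` are assumptions.

```shell
#!/bin/sh
# Added example: domain-based outbound blocking with nftables.
# Table and set names (dlp, blocked4, blocked6) are hypothetical.

# resolve_domain NAME -> every current A and AAAA record, one per line.
# getent repeats addresses per socket type, so de-duplicate.
resolve_domain() {
    getent ahosts "$1" | awk '{ print $1 }' | sort -u
}

# classify_addr ADDR -> "6" for an IPv6 literal, "4" otherwise.
classify_addr() {
    case "$1" in
        *:*) echo 6 ;;
        *)   echo 4 ;;
    esac
}

# render_ruleset ADDR... -> nft ruleset text rejecting new outbound
# connections to the given addresses. Addresses are passed explicitly so
# the rendering is testable without network access. Elements expire after
# 1h, so stale records drop out if the refresh stops running.
render_ruleset() {
    v4=""; v6=""
    for a in "$@"; do
        if [ "$(classify_addr "$a")" = 6 ]; then
            v6="${v6:+$v6, }$a"
        else
            v4="${v4:+$v4, }$a"
        fi
    done
    echo "table inet dlp {}"
    echo "flush table inet dlp"          # makes repeated loads idempotent
    echo "table inet dlp {"
    if [ -n "$v4" ]; then
        echo "    set blocked4 { type ipv4_addr; flags timeout; timeout 1h; elements = { $v4 } }"
    fi
    if [ -n "$v6" ]; then
        echo "    set blocked6 { type ipv6_addr; flags timeout; timeout 1h; elements = { $v6 } }"
    fi
    echo "    chain output {"
    echo "        type filter hook output priority 0; policy accept;"
    [ -n "$v4" ] && echo "        ip daddr @blocked4 ct state new counter reject"
    [ -n "$v6" ] && echo "        ip6 daddr @blocked6 ct state new counter reject"
    echo "    }"
    echo "}"
}

# block_domains NAME... -> resolve and load the ruleset (needs root + DNS).
block_domains() {
    addrs=""
    for d in "$@"; do addrs="$addrs $(resolve_domain "$d")"; done
    render_ruleset $addrs | nft -f -
}
```

Because the hook is `output`, the reject applies to `rsync`, `scp` or any other local process, and `nft list table inet dlp` shows per-rule counters for what was blocked.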
