Xetroximyn
asked on
Need whitelist web domain filter that can handle wildcards (set up via script), either on Ubuntu clients or DNS server
I have 300 Ubuntu 14 PCs on which I block all internet except a whitelist - I do this by disabling DNS, and have the central server do DNS lookups for everything on the whitelist and put it in a hosts file and have all the hosts use that. Obviously, this is a bit hacky but it worked.
The problem now - I have a need to whitelist *.slack.com. Slack says subdomains change too much, they can't provide a static list, or even a current list and then let me update it.
So I guess I need to enable DNS - what might be easy ways to still restrict to a whitelist of domains? I can easily run shell scripts on all 300 machines. (they check in with central server and grab a script and run it regularly). So anything I can install/configure via script is a viable option...
If it's not too hard I could set up an Ubuntu machine to be a DNS server.
Basically what I want is whatever is easiest so that I can just provide a whitelist that is allowed to have wildcards like *.slack.com and block everything else. I suppose it doesn't actually have to be a DNS-based block if there is some client app.
Whatever it is, I am OK to set up a server myself - but the clients, it needs to be scriptable install/config.
I want to be able to update the whitelist easily/quickly.
Any ideas/suggestions?