# shorewall blocking access to a website

## thecooptoo

appears to be broken (internal server error). Anyone got an email address to tell them? admin@cruzcom.com (the admin email) is bouncing, and googling hasn't fixed it, so that is why I'm here. Don't really want to install/configure/learn squid for 1 (or perhaps 2) websites.

Problem with child accessing 1 particular website. Discussions have resulted in slammed doors.

I'd like to block access to www.dodgywebsite.com, so I did

ping www.dodgywebsite.com which returned an IP address

217.XX.XX.195

so I put this IP address into /etc/shorewall/blacklist

```
217.XX.XX.195     tcp     80   
```

 and restarted shorewall

http://217.XX.XX.195  -> a redhat linux, site not found message but http www.dodgywebsite.com still  appears 

I then added it to /etc/shorewall/rules 

```
DROP  net:213.xx.xx.195   all         tcp        80
DROP    all     net:213.xx.x.195  tcp 80
```

and added to /etc/shorewall/interfaces

```
##############################################################################
#ZONE    INTERFACE      BROADCAST       OPTIONS                 GATEWAY
#
loc     eth0            192.168.0.255    blacklist
net     eth1            detect          dhcp,blacklist
```

and added to /etc/shorewall/shorewall.conf

```
BLACKLISTNEWONLY=No
```

 and restarted shorewall 

www.dodgywebsite.com still appears

So what do I have to do to block this website?

----------

## magic919

 *Quote:*   

> I'd like to block access to www.dodgywebsite.com, so I did
> 
> ping www.dodgywebsite.com which returned an IP address
> 
> 217.XX.XX.195 

 

You seem to be trying to block 213.x.x.195 instead of 217.x.x.195 in shorewall.

----------

## thecooptoo

sorry - typo in copy/paste/anonymise

all the addresses are 213.xx.xx.xx

----------

## magic919

The firewall should be working. Are you sure dodgywebsite does not also resolve to another IP? Just because you can ping there does not mean the site is only at that address. Do some thorough DNS checking if you want the firewall to work. Bear in mind the fact the client machine might be caching DNS - run some checks. You could even stick it in the hosts file and resolve to localhost instead.

----------
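The DNS check suggested in the last reply, as an added example that is not part of the thread: it collects every IPv4 address a name resolves to and reports the ones no blacklist entry covers for tcp/80. The sample blacklist, the documentation-range addresses and the stub resolver are constructed so it runs offline; the three-column layout is assumed from the blacklist line posted above, and port ranges are not handled.

```python
import ipaddress
import socket

# Constructed sample in the ADDRESS PROTOCOL PORT layout used in the thread.
# Addresses are from documentation ranges, not the ones being discussed.
SAMPLE_BLACKLIST = """\
# ADDRESS/SUBNET   PROTOCOL   PORT
203.0.113.195      tcp        80
198.51.100.0/28    tcp        80,443
"""

def parse_blacklist(text):
    """Return (network, proto, ports) tuples; '-' or a missing column means 'any'."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        f = (line.split() + ["-", "-"])[:3]
        net = ipaddress.ip_network(f[0], strict=False)
        proto = None if f[1] == "-" else f[1].lower()
        ports = None if f[2] == "-" else set(f[2].split(","))
        entries.append((net, proto, ports))
    return entries

def resolve_all(hostname, resolver=socket.getaddrinfo):
    """Every IPv4 address for the name, not just the single one ping prints."""
    infos = resolver(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.ip_address)

def covered(ip, entries, proto, port):
    """True if some entry matches the address, protocol and port."""
    return any(ip in net and p in (None, proto) and (ports is None or port in ports)
               for net, p, ports in entries)

def uncovered(addresses, entries, proto="tcp", port="80"):
    """Resolved addresses that would still be reachable on proto/port."""
    return [a for a in addresses
            if not covered(ipaddress.ip_address(a), entries, proto, port)]

def fake_resolver(host, port, family, socktype):
    """Constructed DNS answer with two A records (stands in for a live lookup)."""
    return [(family, socktype, 6, "", (a, port))
            for a in ("203.0.113.195", "203.0.113.196")]

if __name__ == "__main__":
    addrs = resolve_all("www.dodgywebsite.com", resolver=fake_resolver)
    print("resolved:", addrs)
    print("not blacklisted:", uncovered(addrs, parse_blacklist(SAMPLE_BLACKLIST)))
```

Dropping the `resolver=fake_resolver` argument makes it query live DNS; run it on both the firewall and the client, since a cached answer on the client can differ.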

