I would recommend looking into squid or some other filtering proxy.  The 
fundamental problem with using iptables/hosts restrictions is wildcard 
matching for subdomains and various other technical details that you end 
up sinking a vast amount of time to resolve.  There are also several 
commercial solutions that can be implemented at the firewall/router 
level on a per-machine or per-user basis.

-Mark

On 05/11/2012 03:31 PM, Tam Nguyen wrote:
> Hi Christopher,
> -You can ALLOW vs. DENY, REJECT using /etc/sysconfig/iptables rules.
>
> -You can also, in the httpd.conf file, under the directives *Order
> allow,deny*, you can specify allow or deny access to ip address
>
> To deal with DHCP or IPs change, you should research RARP on how to
> request IP address from Physical address.  Then you will have to come up
> with a script that will updated your server.
>
> Good luck
>
>
> On Fri, May 11, 2012 at 3:33 PM, Christopher Tooley <[log in to unmask]
> <mailto:[log in to unmask]>> wrote:
>
>     Hello All,
>
>     I've been requested to whitelist websites for a local user here,
>     apparently the internet is extremely distracting for work, save for
>     certain sites - has anyone done something like this before? I know I
>     could put IPs and website addresses in /etc/hosts, but I don't want
>     to have to fix the hosts file whenever IPs change.
>
>     This will be entirely for one computer.
>
>     The only thing I can think of is to have a cron script that will
>     periodically update the /etc/hosts file with the correct IPs and
>     addresses - any other suggestions?
>
>     Thanks,
>     -Chris
>
>


-- 
Mr. Mark V. Stodola
Digital Systems Engineer

National Electrostatics Corp.
P.O. Box 620310
Middleton, WI 53562-0310 USA
Phone: (608) 831-7600
Fax: (608) 831-9591