I would recommend looking into squid or some other filtering proxy. The fundamental problem with using iptables/hosts restrictions is wildcard matching for subdomains and various other technical details that you end up sinking a vast amount of time to resolve. There are also several commercial solutions that can be implemented at the firewall/router level on a per-machine or per-user basis. -Mark On 05/11/2012 03:31 PM, Tam Nguyen wrote: > Hi Christopher, > -You can ALLOW vs. DENY, REJECT using /etc/sysconfig/iptables rules. > > -You can also, in the httpd.conf file, under the directives *Order > allow,deny*, you can specify allow or deny access to ip address > > To deal with DHCP or IPs change, you should research RARP on how to > request IP address from Physical address. Then you will have to come up > with a script that will updated your server. > > Good luck > > > On Fri, May 11, 2012 at 3:33 PM, Christopher Tooley <[log in to unmask] > <mailto:[log in to unmask]>> wrote: > > Hello All, > > I've been requested to whitelist websites for a local user here, > apparently the internet is extremely distracting for work, save for > certain sites - has anyone done something like this before? I know I > could put IPs and website addresses in /etc/hosts, but I don't want > to have to fix the hosts file whenever IPs change. > > This will be entirely for one computer. > > The only thing I can think of is to have a cron script that will > periodically update the /etc/hosts file with the correct IPs and > addresses - any other suggestions? > > Thanks, > -Chris > > -- Mr. Mark V. Stodola Digital Systems Engineer National Electrostatics Corp. P.O. Box 620310 Middleton, WI 53562-0310 USA Phone: (608) 831-7600 Fax: (608) 831-9591