02-12-2019 04:36 AM
(Please note that all IP addresses, hostnames, FQDNs, etc. mentioned in this post are imaginary)
Hello,
I wanted to block the domain www.bad-website.com from my network, so I created an ACL like so:
myRouter(config)#ip access-list extended NO-BAD
myRouter(config-ext-nacl)#10 deny ip any host www.bad-website.com
myRouter(config-ext-nacl)#20 permit ip any any
myRouter(config-ext-nacl)#end
The result is this:
myRouter#sh ip access-lists NO-BAD
Extended IP access list NO-BAD
10 deny ip any host 1.2.3.4
20 permit ip any any
Where 1.2.3.4 is the DNS query result for www.bad-website.com. The problem is, the owner of this website has a lot of IP addresses at his disposal, and the DNS query returns a different IP every time. I want to block all those IPs, and not just 1.2.3.4. Is it possible to add a dynamic entry to an ACL that will automatically filter all addresses associated with a certain FQDN?
Thanks.
02-13-2019 07:06 AM
Hi @FaisalAlBandar,
Check this discussion in the community:
https://community.cisco.com/t5/switching/block-certain-websites-from-the-router/td-p/1756333
I hope this can help you.
Regards
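An added example, not part of the original thread: the ACL in the question kept only the one address that www.bad-website.com resolved to when the entry was typed, so this Python script merges the answers from several DNS lookups and renders one deny line per address or exactly covered block. The function names are hypothetical and the sample answers are constructed from documentation address ranges.

```python
import ipaddress
import socket


def resolve_ipv4(fqdn, rounds=5):
    """Ask the local resolver several times; return every distinct A record seen."""
    seen = set()
    for _ in range(rounds):
        for info in socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM):
            seen.add(info[4][0])
    return seen


def render_acl(name, addresses, step=10):
    """Render an IOS extended ACL: deny each address, then permit everything else."""
    hosts = {ipaddress.ip_address(a) for a in addresses}
    # Collapse only merges addresses that exactly fill a block, so nothing
    # outside the observed set is ever denied.
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(f"{h}/32") for h in hosts)
    lines = [f"ip access-list extended {name}"]
    seq = step
    for net in nets:
        if net.prefixlen == 32:
            target = f"host {net.network_address}"
        else:
            # IOS ACLs take a wildcard (inverse) mask, which is the hostmask.
            target = f"{net.network_address} {net.hostmask}"
        lines.append(f" {seq} deny ip any {target}")
        seq += step
    lines.append(f" {seq} permit ip any any")
    return lines


# Constructed sample: three DNS answers for the same name, each returning
# a different subset of addresses (documentation ranges, not real hosts).
SAMPLE_ANSWERS = [
    ["192.0.2.10", "192.0.2.11"],
    ["192.0.2.11", "198.51.100.7"],
    ["192.0.2.10", "203.0.113.25"],
]


def demo():
    merged = {addr for answer in SAMPLE_ANSWERS for addr in answer}
    return render_acl("NO-BAD", merged)


if __name__ == "__main__":
    print("\n".join(demo()))
```

The rendered list is still a snapshot: it has to be regenerated and reapplied whenever the name's address pool changes, and any address shared with other sites blocks those sites as well.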
02-13-2019 07:10 AM