Linux – use an IP-list include file for iptable blacklisting

I can't think of a direct solution, but I can think of a round about way of tracking a packet.

1. Log each rule with a log prefix directive (--log-prefix "Rule 34")
2. Generate a test packet or packet stream with scapy and set the TOS field to something unique
3. grep the log file output for that TOS setting and see which rules logged it.

Christopher Wilson provided a pretty good list of URLs above.

I would add that WSUS may not be a big deal in the long run. You will most likely still have to define the router whitelist if the goal is to block internet access and surfiing. However, one of the many reasons to implement WSUS is to minimize the impact on the internet connection by only downloading updates once, not to mention it gives you ultimate control over when and which updates to push to clients.

If you already have a database server laying around adding WSUS to an existing box is not too bad and not too much overhead, depending on the number of clients you have.

My suggestion essentially is that you can utilize the list Chris provided to help build out your block policy but also improve your overall desktop maintenance capabilities all while reducing internet bandwidth requirements.

UPDATE: Microsoft URLs to Whitelist:

• windowsupdate.microsoft.com
• .update.microsoft.com
• download.windowsupdate.com
• redir.metaservices.microsoft.com
• images.metaservices.microsoft.com
• c.microsoft.com
• www.download.windowsupdate.com
• wustat.windows.com
• crl.microsoft.com
• sls.microsoft.com
• productactivation.one.microsoft.com
• ntservicepack.microsoft.com