Date: Sun, 20 Aug 2017 07:30:40 -0400
From: Ernie Luzar <luzar722@gmail.com>
To: Polytropon <freebsd@edvax.de>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: How to block facebook access
Message-ID: <599972E0.8080203@gmail.com>
In-Reply-To: <20170819225659.56c11983.freebsd@edvax.de>
References: <59988180.7020301@gmail.com> <c651aba9-8e5b-b193-1808-cef5b900cf27@tysdomain.com> <5998A270.9070907@gmail.com> <20170819225659.56c11983.freebsd@edvax.de>

Polytropon wrote:
> On Sat, 19 Aug 2017 16:41:20 -0400, Ernie Luzar wrote:
>>> On 8/19/2017 2:20 PM, Ernie Luzar wrote:
>>>> Hello list;
>>>>
>>>> Running 11.1 & ipfilter with LAN behind the gateway server. LAN users
>>>> are using their work PC's to access facebook during work.
>>>>
>>>> What method would you recommend to block all facebook access?
>>>>
>> > Littlefield, Tyler wrote:
>> > make your proxy just blacklist facebook.com and m.facebook.com?
>> > Blocking it will just let them view it on their phones though, so
>> > you're looking at a different issue altogether.
>>
>> Already blocking 15 facebook login ip addresses which can be added to or
>> changed by FB anytime.
>
> Yes, that is one of the core problems: You do not have control
> over Facebook's network configuration. :-)
>
> On the IP level, you can maintain a list of IPs to block. And
> you could use resolver modification to do this for you, for
> example when the IP for a certain Facebook service or page
> changes, using the resolver its new IP will be added to the
> block list. With this approach, you can block using both
> numeric IPs and domain name strings (which of course resolve
> to IPs, too).
>
> Maybe it would be a lot easier if you could just switch to
> whitelisting - define the IPs _allowed_ for the users. This
> will surely introduce new problems like "I cannot access a
> web site which I need for work, please verify and whitelist",
> which is something you cannot fully automate.
>

I am unfamiliar with the "resolver modification" you speak of.
Is this a function in ipfilter firewall?
Where and how is this done?
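
One way to keep an IP block list in step with DNS answers, as the quoted reply outlines, shown here as an added example that is not part of the original message or of ipfilter itself. The function names, pool number 13, the interface name em0 and the sample addresses (documentation ranges) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: build an ipfilter address pool from resolver answers.
# POOL_NUM, the function names and the sample addresses are assumptions.
POOL_NUM=13

# Print "name address" pairs for each host name given (needs DNS access).
resolve_names() {
    for name in "$@"; do
        host -t A "$name" | awk '/ has address / { print $1, $4 }'
    done
}

# Read "name address" pairs on stdin, keep unique valid IPv4 addresses and
# print an ippool.conf table. Fails on an empty set so that a resolver
# outage is not mistaken for an empty block list.
build_pool() {
    awk -v num="$POOL_NUM" '
        function valid_v4(a,   n, o, i) {
            n = split(a, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        valid_v4($2) && !seen[$2]++ { addrs[++count] = $2 }
        END {
            if (count == 0) exit 1
            printf "table role = ipf type = tree number = %s\n\t{", num
            for (i = 1; i <= count; i++) printf " %s/32;", addrs[i]
            print " };"
        }'
}

# Constructed resolver output using documentation address ranges.
sample_answers() {
    cat <<'EOF'
# name address
facebook.com 192.0.2.10
m.facebook.com 192.0.2.11
www.facebook.com 192.0.2.10
facebook.com 2001:db8::1
EOF
}

# On the gateway (not run here; em0 is an assumed interface name):
#   resolve_names facebook.com m.facebook.com | build_pool > /tmp/pool.new \
#       && mv /tmp/pool.new /etc/ippool.conf && ippool -f /etc/ippool.conf
# with an ipf.conf rule such as: block out quick on em0 from any to pool/13
```

The pool only reflects what the resolver returned at the time of the run, so it has to be regenerated on a schedule to follow address changes on the remote side.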