From: "Edwin L. Culp W."
Date: Mon, 2 May 2011 11:06:33 -0500
To: Zhu Sha Zang
Cc: freebsd-pf@freebsd.org
Subject: Re: blocking facebook

On Mon, May 2, 2011 at 9:41 AM, Zhu Sha Zang wrote:
> I'm trying to block facebook access only using PF in FreeBSD 8.2.
>
> But putting the name or the ip returned with the command host
> www.facebook.com I can't deny any user to connect facebook.

I found a way to block it with pf but didn't have the control that I wanted, so I started using Squid and am super happy. I even set it by time spans, days, etc. etc.

I have a file that has facebook in the /usr/local/log/squid/ directory

/usr/local/etc/squid # cat squid-block.acl
.facebook.com
.fbcdn.net

In my squid.conf file I added:

# This is a special "public" machine that on occasion needs facebook access.
acl myclients src 172.16.0.5/32
http_access allow myclients

# This should be clear with times and weekdays specified and it is just under the allow for 172.16.0.5
acl bad url_regex -i "/usr/local/etc/squid/squid-block.acl"
acl lunchtime time MTWHF 14:00-16:15
acl night time MTWHF 18:45-23:59
acl morning time MTWHF 00:00-10:30
http_access deny bad !lunchtime !morning !night

I find it works fine and prefer it be in squid than PF.

I use the following in PF and it seems to work but IMMHO I still prefer squid and find it much safer. I have only used pf to block my LAN and haven't taken time to find a way to allow some ip's and delete the rest plus I don't see it as practical. My pf.conf is confusing enough without adding lan user stuff.

You might want to look at http://wiki.squid-cache.org/SquidFaq/SquidAcl#Access_Lists

Hope this helps,

ed

> Some trick to do that?
>
> Thanks for now.
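
Added example, not part of the original mail and not Squid code: a small Python model of the rule `http_access deny bad !lunchtime !morning !night`, showing when the deny actually fires and how the two `url_regex` entries behave compared with `dstdomain` matching on the same entries. The function names and sample URLs are constructed for illustration, and the earlier `http_access allow myclients` rule for 172.16.0.5 is not modelled.

```python
import re
from datetime import datetime

# The two entries from squid-block.acl in the mail
BLOCK_PATTERNS = [".facebook.com", ".fbcdn.net"]

# Time ACLs from the mail: Squid day letters plus an HH:MM range
TIME_ACLS = {
    "lunchtime": ("MTWHF", "14:00", "16:15"),
    "night": ("MTWHF", "18:45", "23:59"),
    "morning": ("MTWHF", "00:00", "10:30"),
}
# Squid day letters indexed by datetime.weekday(): H = Thursday, A = Saturday, S = Sunday
DAY_LETTERS = "MTWHFAS"


def url_regex_match(url):
    """url_regex -i: unanchored, case-insensitive search; '.' matches any character."""
    return any(re.search(p, url, re.IGNORECASE) for p in BLOCK_PATTERNS)


def dstdomain_match(host):
    """dstdomain reading of the same entries: the domain itself or any subdomain."""
    host = host.lower().rstrip(".")
    return any(host == p[1:] or host.endswith(p) for p in BLOCK_PATTERNS)


def time_match(name, when):
    """True when 'when' falls on a listed weekday and inside the ACL's time range."""
    days, start, stop = TIME_ACLS[name]
    minutes = when.hour * 60 + when.minute
    lo, hi = (int(t[:2]) * 60 + int(t[3:]) for t in (start, stop))
    return DAY_LETTERS[when.weekday()] in days and lo <= minutes <= hi


def denied(url, when):
    """ACLs on one http_access line are ANDed: bad AND no time ACL matching."""
    return url_regex_match(url) and not any(time_match(n, when) for n in TIME_ACLS)


if __name__ == "__main__":
    fb = "http://www.facebook.com/"
    for when in (datetime(2011, 5, 2, 12, 0),   # Monday, outside every window
                 datetime(2011, 5, 2, 15, 0),   # Monday, inside lunchtime
                 datetime(2011, 5, 7, 15, 0)):  # Saturday, no time ACL applies
        print(when.strftime("%a %H:%M"), "denied" if denied(fb, when) else "allowed")
    # Over-match: as a regex the entry also hits unrelated hosts
    print(url_regex_match("http://myfacebook.com/"), dstdomain_match("myfacebook.com"))
```

Because all three time ACLs list only MTWHF, none of them matches on Saturday or Sunday, so the deny applies for the whole weekend.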