Date:      Mon, 30 Nov 2015 23:56:08 +0800
From:      Julian Elischer <julian@freebsd.org>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: Set a deny rule for a URL in IPFW by its domain name
Message-ID:  <565C7198.6040504@freebsd.org>
In-Reply-To: <20151130223514.Q16065@sola.nimnet.asn.au>
References:  <CAC9ZwGa2BTB8PtdshWuHEUUXzQbKpH9PgUBR-PwOHJJa0pf0QA@mail.gmail.com> <20151130223514.Q16065@sola.nimnet.asn.au>

On 30/11/2015 8:02 PM, Ian Smith wrote:
> On Mon, 30 Nov 2015 16:48:49 +0530, Kulamani Sethi wrote:
>   > Hi all,
>   >    I am using ipfw3, can I block a URL by its domain name? When I am
>   > setting rules in IPFW by its domain name, it simply sets the rule by its
>   > corresponding IP.
>   > Here is an example of how I set it:
>   >
>   > C:>ipfw add 1002 deny log ip  from www.google.com to any
>   >
>   > As I know, most websites use dynamic IPs; they simply change their IP
>   > periodically. This rule I set for google worked for a few moments, then it
>   > allowed the packets to my terminal.
>
The only way to do this is to make a daemon similar to what I wrote 
for Cisco many years ago.
It acts as a DNS 'man-in-the-middle' and compares all DNS responses 
against black/white lists.
When it gets a hit it:
1/ returns a suitably altered answer.
2/ adds the address found to a black or white table in ipfw.

Since Secure DNS is getting more popular, it would probably make more 
sense these days to make unbound or bind
feed their work through some filter module to do the same thing.



