Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 1 Dec 2015 08:09:23 +1000 (EST)
From:      Nathan Aherne <nathan@reddog.com.au>
To:        Julian Elischer <julian@freebsd.org>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Set a deny rule for a URL in IPFW by its domain name
Message-ID:  <F06E1F8D-7DC0-4C5A-9B48-090806ECA378@reddog.com.au>
In-Reply-To: <565C7198.6040504@freebsd.org>
References:  <CAC9ZwGa2BTB8PtdshWuHEUUXzQbKpH9PgUBR-PwOHJJa0pf0QA@mail.gmail.com> <20151130223514.Q16065@sola.nimnet.asn.au> <565C7198.6040504@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Just use a dns override for the domains you want to block.

Regards,
Nathan
Sent from my iPhone

> On 1 Dec 2015, at 1:52 AM, Julian Elischer <julian@freebsd.org> wrote:
>=20
>> On 30/11/2015 8:02 PM, Ian Smith wrote:
>> On Mon, 30 Nov 2015 16:48:49 +0530, Kulamani Sethi wrote:
>>  > Hi all,
>>  >    I am using ipfw3, can i block a URL by its domain name? When i am
>>  > setting rules in IPFW by its domain name, it simple set rule by its
>>  > corresponding IP.
>>  > Here example how i set
>>  >
>>  > C:>ipfw add 1002 deny log ip  from www.google.com to any
>>  >
>>  > As i know most of the websites uses dynamic IP, it simple changes ther=
e IP
>>  > periodically. This rule i set for google is worked for few moment, the=
n it
>>  > allow the packets to my terminal.
> the only way to do this is to make a daemon similar to what I wrote for ci=
sco many years ago.
> it acts as a DNS 'man-in-the-middle' and compares all DNS responses agains=
t black/white lists.
> WHen it gets a hit it:
> 1/ returns a suitably altered answer.
> 2/ adds the address found to a black or white table in ipfw.
>=20
> Since Secure DNS is getting more popular, it would probably make more sens=
e these days to make unbound or bind
> feed their work through some filter module to do the same thing.
>=20
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F06E1F8D-7DC0-4C5A-9B48-090806ECA378>