From: Nathan Aherne
To: Julian Elischer
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Set a deny rule for a URL in IPFW by its domain name
Date: Tue, 1 Dec 2015 08:09:23 +1000 (EST)

Just use a DNS override for the domains you want to block.

Regards,

Nathan

> On 1 Dec 2015, at 1:52 AM, Julian Elischer wrote:
>
>> On 30/11/2015 8:02 PM, Ian Smith wrote:
>> On Mon, 30 Nov 2015 16:48:49 +0530, Kulamani Sethi wrote:
>> > Hi all,
>> > I am using ipfw3, can I block a URL by its domain name? When I am
>> > setting rules in IPFW by its domain name, it simply sets the rule by its
>> > corresponding IP.
>> > Here is an example of how I set it:
>> >
>> > C:>ipfw add 1002 deny log ip from www.google.com to any
>> >
>> > As I know, most websites use dynamic IPs; it simply changes their IP
>> > periodically. The rule I set for google worked for a few moments, then it
>> > allowed the packets to my terminal.
> the only way to do this is to make a daemon similar to what I wrote for cisco many years ago.
> it acts as a DNS 'man-in-the-middle' and compares all DNS responses against black/white lists.
> When it gets a hit it:
> 1/ returns a suitably altered answer.
> 2/ adds the address found to a black or white table in ipfw.
>
> Since Secure DNS is getting more popular, it would probably make more sense these days to make unbound or bind
> feed their work through some filter module to do the same thing.
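
The DNS-response filtering step described in the quoted reply, sketched as an added example that is not part of the thread and not Julian Elischer's daemon: it parses a raw DNS response, checks the question name against a blocklist, and returns the `ipfw table` commands for every A record in the answer (so addresses reached through CNAME chains are caught too). The blocklist, table number 10, the function names and the sample packet are assumptions; it also assumes an ipfw build with table support and a rule such as `deny ip from any to table(10)` already in place.

```python
import struct

BLOCKLIST = {"blocked.example"}   # constructed sample blocklist (assumption)
TABLE = 10                        # assumed ipfw table number

def read_name(msg, off):
    """Decode a DNS name, following compression pointers; return (name, next_off)."""
    labels, end = [], None
    for _ in range(256):                          # bounded: defeats pointer loops
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    raise ValueError("name too long or compression pointer loop")

def is_blocked(name):
    """True if the name or any parent domain is on the blocklist."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def ipfw_commands(msg):
    """ipfw table commands for every A record answering a blocklisted question."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or qd != 1:             # responses with one question only
        return []
    qname, off = read_name(msg, 12)
    off += 4                                      # skip QTYPE and QCLASS
    if not is_blocked(qname):
        return []
    cmds = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            cmds.append(f"ipfw table {TABLE} add " + ".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return cmds

# Constructed response: www.blocked.example A 192.0.2.10 (owner name via pointer)
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
          + b"\x03www\x07blocked\x07example\x00" + struct.pack("!HH", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

The commands are returned rather than executed; a real daemon would also have to expire table entries when the record's TTL runs out and handle AAAA records and truncated packets.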