From owner-freebsd-questions@freebsd.org  Sun Aug 20 18:48:22 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED7B1DE5CEA
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sun, 20 Aug 2017 18:48:22 +0000 (UTC) (envelope-from johnl@iecc.com)
Received: from miucha.iecc.com (w6.iecc.com
 [IPv6:2001:470:1f07:1126::4945:4343])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client CN "miucha.iecc.com",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 93C316EC87
 for <freebsd-questions@freebsd.org>; Sun, 20 Aug 2017 18:48:22 +0000 (UTC)
 (envelope-from johnl@iecc.com)
Received: (qmail 10167 invoked from network); 20 Aug 2017 18:48:20 -0000
Received: from unknown (64.57.183.18)
 by mail1.iecc.com with QMQP; 20 Aug 2017 18:48:20 -0000
Date: 20 Aug 2017 18:47:58 -0000
Message-ID: <20170820184758.4848.qmail@ary.lan>
From: "John Levine" <johnl@iecc.com>
To: freebsd-questions@freebsd.org
Cc: luzar722@gmail.com
Subject: Re: How to block facebook access
In-Reply-To: <5999955C.9030601@gmail.com>
Organization: 
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Aug 2017 18:48:23 -0000

In article <5999955C.9030601@gmail.com> you write:
>What do you think about this method?
>
>Add entries into /etc/hosts file.
>
>127.0.0.1    blacked www.facebook.com
>127.0.0.1    blacked n.facebook.com
>127.0.0.1    blacked facebook.com
>127.0.0.1    blacked login.facebook.com

Seemn like a fairly ineffective way to block users across a LAN most
of whom are likely running Windows.  You need to block the names they
look up, not local lookups on the gateway.

I do agree that the best way to block Facebook is via the DNS cache on
your gateway, assuming that's how your LAN is set up.  Bind and
Unbound both have ways to add local overrides.  RPZ is one possibility
but for a short static list of names, there are easier ways.

R's,
John