Date:      Mon, 2 May 2011 11:06:33 -0500
From:      "Edwin L. Culp W." <edwinlculp@gmail.com>
To:        Zhu Sha Zang <zhushazang@yahoo.com.br>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: blocking facebook
Message-ID:  <BANLkTi=GmDPHeVRWJDek_jVV-biMMefMtw@mail.gmail.com>
In-Reply-To: <4DBEC293.1010607@yahoo.com.br>
References:  <4DBEC293.1010607@yahoo.com.br>

On Mon, May 2, 2011 at 9:41 AM, Zhu Sha Zang <zhushazang@yahoo.com.br> wrote:
> I'm trying to block facebook access only using PF in FreeBSD 8.2.
>
> But putting the name or the IP returned with the command host
> www.facebook.com I can't deny any user to connect facebook.

I found a way to block it with pf but didn't have the control that I
wanted so I started using Squid and am super happy.  I even set it by
time spans, days, etc. etc.

I have a file that has facebook in the /usr/local/log/squid/ directory
/usr/local/etc/squid # cat squid-block.acl
.facebook.com
.fbcdn.net

In my squid.conf file I added:

   #  This is a special "public" machine that on occasion needs facebook access.
        acl myclients src 172.16.0.5/32
        http_access allow myclients

    # This should be clear with times and weekdays specified and it is
    # just under the allow for 172.16.0.5

        acl bad url_regex -i "/usr/local/etc/squid/squid-block.acl"
        acl lunchtime time MTWHF 14:00-16:15
        acl night time MTWHF 18:45-23:59
        acl morning time MTWHF 00:00-10:30
        http_access deny bad !lunchtime !morning !night

I find it works fine and prefer it be in squid than PF

I use the following in PF and it seems to work but IMMHO I still
prefer squid and find it much safer.

I have only used pf to block my LAN and haven't taken time to find
a way to allow some IPs and delete the rest, plus I don't see it as
practical.  My pf.conf is confusing enough without adding LAN user
stuff.

You might want to look at
http://wiki.squid-cache.org/SquidFaq/SquidAcl#Access_Lists

Hope this helps,

ed

>
> Some trick to do that?
>
> Thanks for now.
>
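
The Squid rules in the message above, modelled as an added example (not part of the original e-mail) to show when a request is actually denied: first matching http_access line wins, ACLs on one line are ANDed, and a time ACL with MTWHF never matches at weekends. Assumptions: the rest of squid.conf allows LAN traffic, Python's `re` stands in for Squid's regex matching, time ranges are treated as inclusive, and the client address 172.16.0.20 and the sample URLs are constructed.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Lines of squid-block.acl; url_regex treats each as an unanchored regex,
# so the leading "." means "any character", not a domain separator.
BAD = [re.compile(p, re.I) for p in (".facebook.com", ".fbcdn.net")]
EXEMPT = ip_network("172.16.0.5/32")           # acl myclients
WEEKDAYS = {0, 1, 2, 3, 4}                     # MTWHF (Python: Monday == 0)
WINDOWS = {                                    # minutes since midnight
    "lunchtime": (14 * 60, 16 * 60 + 15),
    "night": (18 * 60 + 45, 23 * 60 + 59),
    "morning": (0, 10 * 60 + 30),
}

def in_window(name, when):
    """A time ACL matches only on its listed days and inside its range."""
    start, stop = WINDOWS[name]
    minute = when.hour * 60 + when.minute
    return when.weekday() in WEEKDAYS and start <= minute <= stop

def decide(src, url, when):
    """Evaluate the two http_access lines in order for one request."""
    if ip_address(src) in EXEMPT:              # http_access allow myclients
        return "allow"
    bad = any(p.search(url) for p in BAD)
    # http_access deny bad !lunchtime !morning !night
    if bad and not any(in_window(w, when) for w in WINDOWS):
        return "deny"
    return "allow"   # assumption: later rules in squid.conf allow the LAN

def samples():
    """Constructed requests: (client, URL, time) -> decision."""
    mon_noon = datetime(2011, 5, 2, 12, 0)     # Monday, between windows
    mon_lunch = datetime(2011, 5, 2, 15, 0)    # Monday, inside lunchtime
    sat_lunch = datetime(2011, 5, 7, 15, 0)    # Saturday, same clock time
    cases = [
        ("172.16.0.20", "http://www.facebook.com/", mon_noon),
        ("172.16.0.20", "http://www.facebook.com/", mon_lunch),
        ("172.16.0.20", "http://www.facebook.com/", sat_lunch),
        ("172.16.0.5", "http://www.facebook.com/", mon_noon),
        ("172.16.0.20", "http://notfacebook.com.example/", mon_noon),
        ("172.16.0.20", "http://example.org/", mon_noon),
    ]
    return [(src, url, when, decide(src, url, when)) for src, url, when in cases]

if __name__ == "__main__":
    for src, url, when, verdict in samples():
        print(f"{when:%a %H:%M}  {src:<12} {url:<34} {verdict}")
```

The Saturday and `notfacebook.com.example` rows are the ones to check against intent: the weekday-only time ACLs leave the block active all weekend, and the regex form matches hosts that merely contain the string. Squid's `dstdomain` ACL type matches on domain boundaries instead.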


