Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 17 Sep 2017 08:21:23 +0100
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Help scripting dns lookup using awk
Message-ID:  <70d0b776-f250-594d-5e47-f80c1077b425@FreeBSD.org>
In-Reply-To: <59BD3410.80708@gmail.com>
References:  <59BB24E4.6060908@gmail.com> <20170915143019.2e02d386@gumby.homeunix.com> <59BC6036.8040709@gmail.com> <CAOLAi33Uj-XmxSpvAgtMwQAKKAxLH60eqmVV177BYLrv7vQs9g@mail.gmail.com> <59BD3410.80708@gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--0arvEkvVCv2phiExtAwtFtnbxHI8Rk9Tu
Content-Type: multipart/mixed; boundary="2V4w9acuWIuq2Qi6E5hfDTSC8NBw4D2rx";
 protected-headers="v1"
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Message-ID: <70d0b776-f250-594d-5e47-f80c1077b425@FreeBSD.org>
Subject: Re: Help scripting dns lookup using awk
References: <59BB24E4.6060908@gmail.com>
 <20170915143019.2e02d386@gumby.homeunix.com> <59BC6036.8040709@gmail.com>
 <CAOLAi33Uj-XmxSpvAgtMwQAKKAxLH60eqmVV177BYLrv7vQs9g@mail.gmail.com>
 <59BD3410.80708@gmail.com>
In-Reply-To: <59BD3410.80708@gmail.com>

--2V4w9acuWIuq2Qi6E5hfDTSC8NBw4D2rx
Content-Type: text/plain; charset=utf-8
Content-Language: en-GB
Content-Transfer-Encoding: quoted-printable

On 16/09/2017 15:24, Ernie Luzar wrote:
> Yes all my different posts over the last month are related to a solutio=
n
> I am trying to development. It all started with what looked like a very=

> simple request from top management. "Stop employees from using social
> media from company PCs while at work"=C2=A0 The one and only Freebsd sy=
stem
> is the front door to the Company LAN and wifi. All LAN devices are
> WINDOW machines either cabled or wifi including hand held smart phones.=

> So needed a single point solution that would effect the whole digital s=
hop.

The canonical solution to this sort of requirement is to implement a web
proxy on the egress from your network.  Within the proxy you maintain a
blacklist of forbidden sites that it will refuse to provide service to.

The trick is to use firewall redirection to force any and all web
traffic to hit the proxy, and permit only the proxy to make web requests
from your corporate network to the outside world -- the term is
"transparent proxy."

This works best with unencrypted traffic, but can also be made to work
with HTTPS, although not quite as effectively.  It is also possible for
a motivated person to use VPN software to get around this sort of
restriction, but anyone so desperate to evade your corporate policies is
probably better handled by your HR department than by getting into a
technological arms-race.

	Cheers,

	Matthew


--2V4w9acuWIuq2Qi6E5hfDTSC8NBw4D2rx--

--0arvEkvVCv2phiExtAwtFtnbxHI8Rk9Tu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJZviJ7XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC
QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATzrsP/0U0gM2+6TwnGam2es3hP6Rq
uouDVO4ckHBW/VPYmnTwQe094CAWrRfoQI7N7OOh1qHv3F3sxwT4y2zXhHYnSEtC
33mdflqxqm6bs8cPQ0IqLpBIxbgs1EkhCr0Yq6sc8VZJqG4rdHUQg9b289KCpSDZ
LoXIOEL0JwkB0Ub5kj/uMwFk7JI8pgckaWZ2TkVkB3g6Hfz0hLu6NXbzW+V5lla3
FUiHHoJ/Unz6vbRmJzYk8Y+k177yt+v4FVwGWjsoWzoqXb9yhP75TT2bti2/It4Y
hqis5pixOwK17URejmWVQsV0bJ5vehiXzIhIJ12/ajqGiy+M20IvW7KC+K1PGj86
BQuUvWjrnQneLHWwkcZ1cmJ2GP6uwHqBa95+QgHXuY1/S2kuQNmLzB16myQ7slLq
JSUgCTt4js4FdeQ92aUgvuFmxEeydFk0HC/7liYvHT9LqxFDd6UPFHeHe6tCn5a/
7NGkWwxtSh8mC7d1B90X0oM2zckk1ymAuieQelts6/rJYNAiI/y1eob1eIIPLHhY
IsgrSDBZPCbampCRHAh76qy89O9aY/cbIzdgAR6NehI++DNatjZKFh9YZoylZ+TZ
INDspU4Nv+UvTMVvq/1cp6gs0lWKdhriOO/C2zNQF0sjvBFA4uzBE+Mum+fMa2Vp
A/R8owzasieAdycmGHcc
=RQk9
-----END PGP SIGNATURE-----

--0arvEkvVCv2phiExtAwtFtnbxHI8Rk9Tu--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?70d0b776-f250-594d-5e47-f80c1077b425>