From: Matthew Seaman
To: freebsd-questions@freebsd.org
Subject: Re: Help scripting dns lookup using awk
Date: Sun, 17 Sep 2017 08:21:23 +0100
Message-ID: <70d0b776-f250-594d-5e47-f80c1077b425@FreeBSD.org>
In-Reply-To: <59BD3410.80708@gmail.com>

On 16/09/2017 15:24, Ernie Luzar wrote:
> Yes, all my different posts over the last month are related to a solution
> I am trying to develop. It all started with what looked like a very
> simple request from top management. "Stop employees from using social
> media from company PCs while at work"  The one and only FreeBSD system
> is the front door to the Company LAN and wifi. All LAN devices are
> WINDOW machines either cabled or wifi including hand held smart phones.
> So needed a single point solution that would affect the whole digital shop.

The canonical solution to this sort of requirement is to implement a web
proxy on the egress from your network. Within the proxy you maintain a
blacklist of forbidden sites that it will refuse to provide service to.
The trick is to use firewall redirection to force any and all web
traffic to hit the proxy, and permit only the proxy to make web requests
from your corporate network to the outside world -- the term is
"transparent proxy." This works best with unencrypted traffic, but can
also be made to work with HTTPS, although not quite as effectively.

It is also possible for a motivated person to use VPN software to get
around this sort of restriction, but anyone so desperate to evade your
corporate policies is probably better handled by your HR department than
by getting into a technological arms-race.

Cheers,

Matthew
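
The blacklist check described in the reply above, sketched as an added example; it is not part of the original message and not the code of any particular proxy. The BLOCKED set, the function names, the sample request and the deny-when-no-host-name policy are assumptions made for illustration.

```python
# Added illustration: the allow/deny decision a filtering proxy makes per request.
# BLOCKED is a constructed sample list, not taken from the thread.
BLOCKED = {"facebook.com", "twitter.com"}


def normalise(host):
    """Lower-case a host name, drop any :port and the trailing root dot."""
    host = host.strip().lower()
    if host.startswith("["):              # IPv6 literal such as [2001:db8::1]:80
        return host[1:host.index("]")] if "]" in host else host
    if host.count(":") == 1:              # name:port or IPv4:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def is_blocked(host, blocked=BLOCKED):
    """True if host is a blocked domain or any subdomain of one."""
    labels = normalise(host).split(".")
    # Compare whole labels so "notfacebook.com" does not match "facebook.com".
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def host_from_http(request_head):
    """Return the Host header value of an intercepted plain-HTTP request."""
    for line in request_head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return normalise(value)
    return None


def decide(host):
    """Deny blocked hosts; also deny when no host name could be recovered.

    For plain HTTP the name comes from host_from_http(). For intercepted
    HTTPS the proxy has at most the server name in the TLS ClientHello
    (SNI), passed in here directly, and None if the client sent none.
    """
    return "deny" if host is None or is_blocked(host) else "allow"
```

Matching on label boundaries is what keeps an unrelated domain such as facebook.com.example.org from being caught by the entry for facebook.com.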