Set a deny rule for a URL in IPFW by its domain name
Nathan Aherne
nathan at reddog.com.au
Mon Nov 30 22:14:06 UTC 2015
Just use a DNS override for the domains you want to block.
Regards,
Nathan
Sent from my iPhone
> On 1 Dec 2015, at 1:52 AM, Julian Elischer <julian at freebsd.org> wrote:
>
>> On 30/11/2015 8:02 PM, Ian Smith wrote:
>> On Mon, 30 Nov 2015 16:48:49 +0530, Kulamani Sethi wrote:
>> > Hi all,
>> > I am using ipfw3; can I block a URL by its domain name? When I am
>> > setting rules in IPFW by its domain name, it simply sets the rule by its
>> > corresponding IP.
>> > Here is an example of how I set it:
>> >
>> > C:>ipfw add 1002 deny log ip from www.google.com to any
>> >
>> > As far as I know, most websites use dynamic IPs; they simply change their IP
>> > periodically. The rule I set for Google worked for a few moments, then it
>> > allowed the packets to my terminal.
> The only way to do this is to make a daemon similar to what I wrote for Cisco many years ago.
> It acts as a DNS 'man-in-the-middle' and compares all DNS responses against black/white lists.
> When it gets a hit it:
> 1/ returns a suitably altered answer.
> 2/ adds the address found to a black or white table in ipfw.
>
> Since Secure DNS is getting more popular, it would probably make more sense these days to make unbound or bind
> feed their work through some filter module to do the same thing.
>
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
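
The filtering step described in the quoted reply above (compare each DNS response against a block list, alter the answer, add the resolved addresses to an ipfw table), as an added example that is not part of the original thread and is not the daemon mentioned there. The domain names, addresses, table number 1 and sinkhole answers are constructed assumptions, and the script only builds the `ipfw` commands rather than running them.

```python
import ipaddress

BLOCKLIST = {"blocked.example"}           # constructed block list
TABLE = 1                                 # assumed ipfw table number
# Installed once; it matches on table contents, not on a name resolved at add time.
RULE = f"ipfw add 1002 deny log ip from any to 'table({TABLE})'"
SINKHOLE = {4: "0.0.0.0", 6: "::"}        # assumed altered answer per address family


def is_blocked(qname, blocklist=BLOCKLIST):
    """True if qname or any parent domain is on the block list."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def filter_response(qname, addresses, in_table, blocklist=BLOCKLIST):
    """Return (answer for the client, ipfw commands to run).

    in_table is the set of addresses already added, so repeats emit nothing.
    """
    if not is_blocked(qname, blocklist):
        return list(addresses), []
    answer, commands = [], []
    for text in addresses:
        ip = ipaddress.ip_address(text)   # rejects anything that is not an IP
        if SINKHOLE[ip.version] not in answer:
            answer.append(SINKHOLE[ip.version])
        if ip not in in_table:
            in_table.add(ip)
            commands.append(f"ipfw table {TABLE} add {ip}")
    return answer, commands


if __name__ == "__main__":
    # Constructed DNS responses using documentation address ranges.
    responses = [
        ("www.blocked.example.", ["192.0.2.10", "2001:db8::10"]),
        ("www.allowed.example.", ["198.51.100.7"]),
        ("cdn.blocked.example.", ["192.0.2.10", "192.0.2.11"]),  # address rotated
    ]
    seen = set()
    print(RULE)
    for name, addrs in responses:
        answer, cmds = filter_response(name, addrs, seen)
        print(name, "->", answer)
        for cmd in cmds:
            print("  " + cmd)
```

An address placed in the table is denied for every site hosted on it, so shared hosting and CDN addresses will also block unrelated names.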