How to block facebook access

Matthew Seaman matthew at FreeBSD.org
Sun Aug 20 12:18:17 UTC 2017


On 20/08/2017 12:44, Polytropon wrote:
>>> On the IP level, you can maintain a list of IPs to block. And
>>> you could use resolver modification to do this for you, for
>>> example when the IP for a certain Facebook service or page
>>> changes, using the resolver its new IP will be added to the
>>> block list. With this approach, you can block using both
>>> numeric IPs and domain name strings (which of course resolve
>>> to IPs, too).

>> I am unfamiliar with the "resolver modification" you speak of.
>> Is this a function in ipfilter firewall?
>> Where and how is this done?

> It's a term I probably invented because I don't know the correct
> name - if it even has a specific name. :-)

The term you're probably looking for is 'RPZ' (Response Policy Zone) --
this is an extension that allows you to override what your recursive
resolver will return for certain zones:

http://www.zytrax.com/books/dns/ch7/rpz.html

Effectively you can load a special zone file full of domains you want to
return other than the standard response for.  These zones can be AXFR'd
between a cluster of resolvers for ease of administration.

Implemented in bind -- this isn't an IETF specification, so may not be
available in other brands of nameserver, or if it is, may not
interoperate very well between different DNS software packages.

	Cheers,

	Matthew
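
The response policy zone described in the message above, as an added example that is not part of the original e-mail and not BIND's own code: a Python generator that renders the BIND `named.conf` fragment and an RPZ zone file from a blocklist. The zone name `rpz.example.internal`, the blocklist entries and the SOA values are constructed assumptions.

```python
import re

# Constructed policy zone name and blocklist (assumptions for this example).
RPZ_ZONE = "rpz.example.internal"
BLOCKLIST = ["facebook.com", "WWW.Facebook.com.", "facebook.com"]

# named.conf fragment that activates the policy zone in BIND.
NAMED_CONF = f"""\
options {{
    response-policy {{ zone "{RPZ_ZONE}"; }};
}};
zone "{RPZ_ZONE}" {{
    type master;
    file "{RPZ_ZONE}.zone";
    allow-query {{ none; }};
}};
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(name):
    """Lower-case, strip the trailing dot, reject anything that is not a hostname."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or len(name) > 253 or not all(LABEL.match(l) for l in labels):
        raise ValueError(f"not a valid domain name: {name!r}")
    return name

def rpz_zone(domains, serial):
    """Render an RPZ zone answering NXDOMAIN for each domain and its subdomains."""
    names = sorted({normalize(d) for d in domains})
    # Drop names already covered by a listed parent's wildcard record.
    names = [n for n in names if not any(n.endswith("." + p) for p in names)]
    lines = [
        "$TTL 300",
        f"@ IN SOA localhost. root.localhost. ({serial} 3600 600 86400 300)",
        "@ IN NS localhost.",
    ]
    for n in names:
        # Owner names are relative to the policy zone, so no trailing dot.
        lines.append(f"{n} CNAME .")    # "CNAME ." makes the resolver answer NXDOMAIN
        lines.append(f"*.{n} CNAME .")  # same policy for every subdomain
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(NAMED_CONF)
    print(rpz_zone(BLOCKLIST, 2017082001))
```

Bump the serial on every regeneration so that resolvers receiving the zone by AXFR pick up the change.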

