How to block facebook access
matthew at FreeBSD.org
Sun Aug 20 12:18:17 UTC 2017
On 20/08/2017 12:44, Polytropon wrote:
>>> On the IP level, you can maintain a list of IPs to block. And
>>> you could use resolver modification to do this for you, for
>>> example when the IP for a certain Facebook service or page
>>> changes, using the resolver its new IP will be added to the
>>> block list. With this approach, you can block using both
>>> numeric IPs and domain name strings (which of course resolve
>>> to IPs, too).
>> I am unfamiliar with the "resolver modification" you speak of.
>> Is this a function in ipfilter firewall?
>> Where and how is this done?
> It's a term I probably invented because I don't know the correct
> name - if it even has a specific name. :-)
The term you're probably looking for 'RPZ' (Response Policy Zone) --
this is an extension that allows you to override what your recursive
resolver will return for certain zones:
Effectively you can load a special zone file full of domains you want to
return other than the standard response for. These zones can be AXFR'd
between a cluster of resolvers for ease of administration.
Implemented in bind -- this isn't an IETF specification, so may not be
available in other brands of nameserver, or if it is, may not
interoperate very well between different DNS software packages.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 931 bytes
Desc: OpenPGP digital signature
More information about the freebsd-questions