How to block facebook access

Odhiambo Washington odhiambo at
Sat Aug 26 10:20:14 UTC 2017

On 23 August 2017 at 03:08, Adam Vande More <amvandemore at> wrote:

> On Sat, Aug 19, 2017 at 1:20 PM, Ernie Luzar <luzar722 at> wrote:
> > Hello list;
> >
> > Running 11.1 & ipfilter with LAN behind the gateway server. LAN users are
> > using their work PC's to access facebook during work.
> >
> > What method would recommend to block all facebook access?
> >
> Personally I would setup a transparent proxy eg squid and block it using
> that.  DNS solutions are too fragile and something like squid can generate
> comprehensive reports.
> --
> Adam

In line with the KISS (Keep It Simple Stupid) principle, I beg to differ
with you! Using Squid in transparent mode is not the easiest way to block
HTTPS traffic. Think about setting up ssl_bump and all those certificates
you have to import on all the computers so that the cert is 'trusted', and
the pain you have to go through with the different browsers. I have been
there and found it too much complex work.
I use dnsmasq+PF+BIND+DHCP (or unbound) to achieve this, but only that I
have to exempt some users from the blockage. If it was a blanket block, the
unbound REFUSE option is dandy - K.I.S.S - as detailed by Frank Shute.

Best regards,
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

More information about the freebsd-questions mailing list