Trying to block sites for a school network (i.e. myspace, etc)
I'm running a network for an elementry school, and will be installing a pfsense box as a content filter. I'm trying to block some sites such as MySpace and any other sites that they tell me they don't want the kids accessing.
So I determined the myspace IP (188.8.131.52) by pinging it and then set a LAN rule to block it, like so:
Proto Source Port Destination Port Gateway Description
TCP * * 184.108.40.206 * *
* LAN net * * * * Default LAN -> any
And, after reading another post about blocking AIM and MSN messenger, i got the idea to use DNS Forwarder to set a fake resolution, like so:
Host Domain IP Description
myspace myspace.com 127.0.0.1 myspace fake
Going to 220.127.116.11 in a web browser fails, but going to myspace.com does in fact still work; even though it takes a little longer, I guess it still resolves somehow. I also tried to set it to like 18.104.22.168 instead of 127.0.0.1 as I had seen in another post, but neither worked.
I'm stumped and would really like some help. I also installed the Squid package, and from what I gather that can be used to filter content as well, but I have no idea how to get that working.
Any help would be greatly appreciated. The best way to block websites with pfsense is what I'd like to do… however that may be.
If you do
you'll see that in addition to 22.214.171.124 you should also block access to
126.96.36.199, 188.8.131.52, 184.108.40.206
As a side note for anyone else who might be tyring to block myspace… heres all the URLs that (at least so far) I have found for myspace. They include myspace.com, vids.myspace.com, login.myspace.com, and home.myspace.com. I wouldnt be suprised if I missed some. I found all these because my browser, after being rejected, gets redirected to google.com's search, where you can 'view a cached page' of myspace.com. This is a partial bypass of the firewall I had set to block only 'myspace.com' IPs, because of their subdomains. So, this might be helpful if you're in the same spot as me, thought I'd pass it along.
220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199
I made all these IPs an alias to make for an easier firewall block rule.
Plain firewall rules really isn't sufficient to block web sites, if you want to do it effectively. Anyone looking to block web sites should look at a proxy server in addition to your perimeter firewall.