How to block a domain instead of an IP range?



  • Hi all,

    Can any one help me with this issue? I need to block www.facebook.com with its domain name not the IP range. I don't  want to have transparent squid in my office though.
    Please let know if there a way to block a domain with pfsense 1.2
    btw is it possible to do it with Snort, if so how?

    Thanks!
    Manjula



  • you can do that by using squid guard.
    its fairly simple



  • As I mention we don't like to use a proxy in my office. But we need to block Facebook.com during office hours. Facebook uses no of ips and random DNS I guess. Any idea how to do this?
    Thanks!



  • That is what i tried to said, SquidGaurd is a package in pfsense itself , thorugh which you can blacklist a domain.



  • if you want to block an entire domain… just create the file  /usr/local/etc/dnsmasq.conf

    in that file add:  address=/www.myspace.com/127.0.0.1

    Now anyone who tries to connect to "www.myspace.com"  will just connect back to their own system, as long as your pfsense ip is their DNS Server IP.

    I made a package called "DNS Blacklist" to do this sort of thing.  You can check it out if you like.



  • You can also admin this from the gui I found out–

    if you look on the page for the DNS forwarder, the bottom has a spot:

    Below you can override an entire domain by specifying an authoritative dns server to be queried for that domain.

    add your domain there.


Log in to reply