LinuxQuestions.org
Old 11-05-2004, 07:06 AM   #1
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Blocking some sites...


I have configured my PF to block sites to prevent staff from accessing them during normal office hours, since they may reduce their productivity. Here is how I'm doing this:

1. I created a persist table in pf.conf that will contain the addresses later.

2. Then I created a script to be executed by rc.local on every boot-up to add the addresses/FQDNs.

#!/bin/sh

pfctl -t <table_name> -T add www.nonproductive.com
pfctl -t <table_name> -T add www.censored.com
# ... and so on

3. In my pf.conf's filter rules I added rules to block this table.

This has worked for me.

I just want to know from all of you if there is another way of doing this more efficiently. I tried creating a "const" table and even "table <table_name> persist file /etc/file_name_of_table" that contains all the FQDNs/addresses, but once pf is loaded on boot-up, errors are returned by PF for the rules used to block this table's addresses/FQDNs.

My explanation is that "named" and the "network" programs are enabled/loaded after pf, so in this case it can't resolve the FQDNs and look up their addresses on the internet.

The procedure above is my own way of solving this. Any suggestions?
 
Old 11-05-2004, 11:56 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Why don't you just use the IPs instead of the DNS names? That way you could put them in a file and have the table just point to that file.

Another thing you could do is put the DNS names in a file, one per line. You should be able to load them with this loop (in shell script):

Code:
# Add each DNS name listed in the file (one per line) to the table.
for i in `cat /path/badsites`
do
    /sbin/pfctl -t sitetable -T add "$i"
done

Last edited by chort; 11-05-2004 at 11:59 AM.
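
A more defensive version of the loop above, as an added example that is not part of the original post: it skips comments, blank lines and malformed entries in the list, and reports names that pfctl could not add. The PFCTL override and the function names are assumptions made for the example; sitetable and /path/badsites are taken from the post.

```sh
#!/bin/sh
# Added example: load a one-name-per-line blocklist into a pf table.
# PFCTL is an assumed override so the script can be dry-run (PFCTL=echo).
PFCTL=${PFCTL:-/sbin/pfctl}

# Print usable entries from the list file: drop comments and blank lines,
# and skip anything that is not a plain hostname or address, since each
# entry ends up on a command line run as root from rc.local.
clean_list() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    while read -r entry; do
        [ -n "$entry" ] || continue
        case $entry in
            -*|*[!A-Za-z0-9.:/-]*) echo "skipping invalid entry: $entry" >&2 ;;
            *) echo "$entry" ;;
        esac
    done
}

# Add every clean entry to the table; return non-zero if any add failed
# (for example a name that could not be resolved at that moment).
load_table() {
    table=$1 list=$2 failed=0
    for entry in $(clean_list "$list"); do
        if ! $PFCTL -t "$table" -T add "$entry"; then
            echo "could not add $entry to <$table>" >&2
            failed=1
        fi
    done
    return $failed
}

# Usage from rc.local, after named and the network are up:
#   load_table sitetable /path/badsites
```

A non-zero return from load_table means at least one entry was not added, so the boot script can log it instead of silently leaving a site unblocked.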
 
Old 11-05-2004, 10:07 PM   #3
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Original Poster
Rep: Reputation: 31
Why did I forget the training I attended a couple of months ago on Linux 201 that taught us to make scripts to automate and simplify processes such as the one you've just suggested? Hmmm... I might be getting older now, easily forgetting things.

Thanks, chort, for reviewing this stuff with me!
 
All times are GMT -5.