I have configured my PF to block sites to prevent staffs accessing these during normal office hours that may reduce their productivity. Here is how I'm doing this:
1. I created persist table in pf.conf that will contain the addresses later.
2. Then I created script to be executed by rc.local every boot up to put/add the addresses/FQDN.
pfctl -t <table_name> -T add www.nonproductive.com
pfctl -t <table_name> -T add www.censored.com
... so on and so forth
3. In my pf.conf's filter rules I added rules to block this table.
This has worked for me.
I just want to know from all of you if there is other way of doing this more efficiently? I tried creating "const" table and even "table <table_name> persist file /etc/file_name_of_table" that contains all the FQDN/addresses but once pf is loaded on boot up, errors are returned by PF for the rules used to block this table's addresses/FQDNs.
My explanation is that because "named" and the "network" programs are enabled/loaded after pf and in this case it can't resolve the FQDN and look for their addresses on the internet.
The procedures above is my own way of solving this. Any suggestions?