LinuxQuestions.org


gani 11-05-2004 06:06 AM

Blocking some sites...
 
I have configured my PF to block sites to prevent staff from accessing these during normal office hours that may reduce their productivity. Here is how I'm doing this:

1. I created a persist table in pf.conf that will contain the addresses later.

2. Then I created a script to be executed by rc.local at every boot up to put/add the addresses/FQDNs.

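#!/bin/sh

# table_name is a placeholder; give pfctl the table name without angle
# brackets, which the shell would otherwise treat as redirections
pfctl -t table_name -T add www.nonproductive.com
pfctl -t table_name -T add www.censored.com
# ... so on and so forth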

3. In my pf.conf's filter rules I added rules to block this table.

This has worked for me.

I just want to know from all of you if there is another way of doing this more efficiently? I tried creating a "const" table and even "table <table_name> persist file /etc/file_name_of_table" that contains all the FQDNs/addresses, but once pf is loaded on boot up, errors are returned by PF for the rules used to block this table's addresses/FQDNs.

My explanation is that "named" and the "network" programs are enabled/loaded after pf, so in this case it can't resolve the FQDNs and look for their addresses on the internet.

The procedure above is my own way of solving this. Any suggestions?

chort 11-05-2004 10:56 AM

Why don't you just use the IPs instead of the DNS names? That way you could put them in a file and have the table just point to that file.

Another thing you could do is put the DNS names in a file, one per line. You should be able to load them with this loop (in shell script):

Code:

# Add every name listed in /path/badsites (one per line) to the table
for i in `cat /path/badsites`
do
    /sbin/pfctl -t sitetable -T add "$i"
done
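
An added example, not part of either poster's message: it splits a mixed list such as /path/badsites into plain addresses, which a "persist file" table can load at boot without DNS, and names, which have to be added once the resolver is up. The output file names, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: split a mixed block list into a boot-safe address file and a
# list of names to add once DNS is up. File and function names are assumptions.

# Loose check: succeeds for IPv4 addresses, IPv4 CIDR ranges and anything
# containing ':' (IPv6). pfctl still rejects malformed addresses itself.
is_address() {
    case $1 in
        *:*) return 0 ;;
        ''|*[!0-9./]*) return 1 ;;   # letters etc.: treat as a DNS name
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# split_blocklist INFILE ADDR_OUT NAME_OUT
split_blocklist() {
    : > "$2"; : > "$3"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                               # strip comments
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')   # strip whitespace
        [ -n "$entry" ] || continue
        if is_address "$entry"; then
            printf '%s\n' "$entry" >> "$2"
        else
            printf '%s\n' "$entry" >> "$3"
        fi
    done < "$1"
}

# Demo on a constructed list (documentation addresses, names from the thread).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/badsites" <<'EOF'
# constructed sample
192.0.2.10
www.nonproductive.com   # needs DNS
198.51.100.0/24
www.censored.com
EOF
    split_blocklist "$dir/badsites" "$dir/addrs" "$dir/names"
    echo "addresses (safe for 'persist file' at boot):"; cat "$dir/addrs"
    echo "names (add after the network is up):"; cat "$dir/names"
    rm -rf "$dir"
}
demo
# In rc.local, after DNS is available (not run here):
#   /sbin/pfctl -t sitetable -T add -f /path/badsites.names
```

PF tables hold addresses, so a name added this way is resolved once, at the moment it is added; rerun the add step if a site's addresses change.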


gani 11-05-2004 09:07 PM

Why, I forgot the training I attended just a couple of months ago on Linux 201 that taught us making scripts to automate and simplify processes such as this one you've just suggested. Hmmm... I might be getting older now, easily forgetting things.

Thanks, chort, for reviewing this stuff with me!

