Old 11-05-2004, 06:06 AM   #1
Blocking some sites...

I have configured my PF to block sites to prevent staff from accessing them during normal office hours, since that may reduce their productivity. Here is how I'm doing this:

1. I created a persist table in pf.conf that will contain the addresses later.

2. Then I created a script, executed by rc.local on every boot, to put/add the addresses/FQDNs.


pfctl -t <table_name> -T add <address_or_fqdn>
pfctl -t <table_name> -T add <address_or_fqdn>
... so on and so forth

3. In my pf.conf's filter rules I added rules to block this table.

This has worked for me.

I just want to know from all of you if there is another way of doing this more efficiently. I tried creating a "const" table and even "table <table_name> persist file /etc/file_name_of_table", which contains all the FQDNs/addresses, but once pf is loaded on boot, PF returns errors for the rules used to block this table's addresses/FQDNs.

My explanation is that "named" and the "network" programs are enabled/loaded after pf, so at that point it can't resolve the FQDNs and look up their addresses on the internet.

The procedure above is my own way of solving this. Any suggestions?
Old 11-05-2004, 10:56 AM   #2
Why don't you just use the IPs instead of the DNS names? That way you could put them in a file and have the table just point to that file.

Another thing you could do is put the DNS names in a file, one per line. You should be able to load them with this loop (in shell script):

for i in $(cat /path/badsites); do
    /sbin/pfctl -t sitetable -T add "$i"
done

Last edited by chort; 11-05-2004 at 10:59 AM.
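The loader below is an added example, not code from either poster. It does what the original poster's rc.local script and chort's one-line loop do (fill a PF table from a plain-text list of addresses/FQDNs, one per line), but tolerates blank lines and comments and keeps going when one entry cannot be added, reporting a count instead of aborting. The table name sitetable, the file path /etc/badsites and the sample entries are constructed; PFCTL can be overridden (for example to a dry-run command) on a machine without pf.

```shell
#!/bin/sh
# Added example: populate a PF table from a text file of addresses/FQDNs.
# Assumed pf.conf (constructed, not from the thread):
#   table <sitetable> persist
#   block return quick proto tcp from any to <sitetable> port { 80 443 }
# Run it from rc.local (as the original poster does) so that name resolution
# is already available when hostnames are added.

PFCTL="${PFCTL:-/sbin/pfctl}"     # override for dry runs, e.g. PFCTL=true
BADSITES="${BADSITES:-/etc/badsites}"

# normalize_entries FILE: print one usable entry per line.
# Drops '#' comments, leading/trailing whitespace and empty lines, so the
# list file can be annotated without feeding junk to pfctl.
normalize_entries() {
    sed -e 's/#.*$//' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# load_table TABLE FILE: add every entry to TABLE, warn on failures
# (e.g. a hostname that does not resolve yet) and print the number added.
load_table() {
    table=$1
    file=$2
    n=0
    for entry in $(normalize_entries "$file"); do
        if "$PFCTL" -t "$table" -T add "$entry" >/dev/null 2>&1; then
            n=$((n + 1))
        else
            echo "warning: could not add '$entry' to table <$table>" >&2
        fi
    done
    echo "$n"
}

# Usage when run directly:
#   sh load_badsites.sh          -> loads /etc/badsites into <sitetable>
if [ "${0##*/}" = "load_badsites.sh" ]; then
    added=$(load_table sitetable "$BADSITES")
    echo "added $added entries to <sitetable>"
fi
```

Because the entries are added after boot has finished rather than at pf.conf load time, a hostname that does not resolve only costs that one entry (with a warning on stderr), which is the failure the original poster saw when the whole ruleset was rejected. IP addresses and CIDR blocks are added without any lookup, which is why chort's suggestion to list IPs is the more robust choice.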
Old 11-05-2004, 09:07 PM   #3
Original Poster
Why did I forget the training I just attended a couple of months ago on Linux 201 that taught us to make scripts to automate and simplify processes such as the one you've just suggested? Hmmm....I might be getting older now...easily forgetting things.

Thanks chort for reviewing this stuff with me!

