How about setting up a squid proxy for http and https and disallow all port 80/443 traffic except via the proxy. In the proxy, you can control exactly what websites are accessible then.
On 11/14/13 12:45 PM, "Pierre Emeriaud" <[email protected]> wrote: >> i need to prevent users to open Facebook https traffic from my router >>cisco >> 1841 >> >> i can put it as ip but is there any thing else because the ip way not >> efficient > >What about null-routing all advertised prefixes (32) from Facebook AS? > >$ whois -h asn.shadowserver.org prefix 32934 | awk -F" " '{print "ip >route " $1 " null0"}' >ip route 31.13.24.0/21 null0 >ip route 31.13.64.0/24 null0 >... > >Rinse & repeat every couple of months. > > > >-- >pierre >_______________________________________________ >cisco-nsp mailing list [email protected] >https://puck.nether.net/mailman/listinfo/cisco-nsp >archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
