What about an entry in your local DNS (what your hosts use) that gives a bogus IP (127.0.0.1?) for *.badhost.com? Then users can never connect to badhost.com.
I don't know too many FW's that allow you to use a URL in a rule. IIRC, CheckPoint-FW1 did/does, but they recommend against it due to overhead. As pointed out, Squid or other lightweight white/blacklist thingy might be in order.

----- Original Message -----
From: owner-freebsd-questi...@freebsd.org <owner-freebsd-questi...@freebsd.org>
To: freebsd-questions@freebsd.org <freebsd-questions@freebsd.org>
Sent: Thu Jun 17 15:56:23 2010
Subject: Re: FreeBSD router (IPFW-based): how to block an URL (all IPs of an A-like HOSTNAME)

Ok, very simply put:

To do this without shell scripting, but this could avoid filter future IP addresses:
1. DIG HOSTNAMEs and add ipfw block rules for those IPs
2. DIG HOSTNAMEs and add a null rule

To block all *.hostname and future IP addresses of any of *.hostname, there must be written a shell script, that analyzes all requests [have no idea how to execute a shell script LIVE!!!, any idea on this topic?].

--- On Thu, 6/17/10, Bernt Hansson <be...@bah.homeip.net> wrote:

From: Bernt Hansson <be...@bah.homeip.net>
Subject: Re: FreeBSD router (IPFW-based): how to block an URL (all IPs of an A-like HOSTNAME)
To: "Valerian Galeru" <valerian...@yahoo.com>
Cc: freebsd-questions@freebsd.org
Date: Thursday, June 17, 2010, 11:47 PM

Valerian Galeru said the following on 2010-06-17 22:01:
> Hello,
>
> Does anyone have any ideas how to block all requests using an IPFW-based router
> (FreeBSD 6.4) to and from a HOSTNAME (which has more DNS A entries) or
> better, from any *.HOSTNAME.COM ????

Do a whois hostname.com taking note of their ip-address range.

Then, for ipf, put this in your rules file.

### EXAMPLE ###
block in quick on fxp0 from 192.168.0.0/16 to any
block out quick on fxp0 from any to 192.168.0.0/16

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
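Added example, not part of the thread or any poster's code: step 1 of the procedure quoted above (resolve the hostnames, then block the returned IPs), written against an ipfw lookup table so a periodic job can refresh it. Table number 10, rule numbers 500/501 and the sample resolver output used to check it are assumptions; addresses that appear between refreshes are not covered, which is the gap the local-DNS override at the top of this thread closes.

```shell
#!/bin/sh
# Added example: turn `dig +short A <name>` output into ipfw table updates.
# Assumed one-time rules (rule and table numbers are illustrative):
#   ipfw add 500 deny ip from any to 'table(10)'
#   ipfw add 501 deny ip from 'table(10)' to any
# Assumed periodic use, e.g. from cron:
#   dig +short A www.badhost.com | gen_table_cmds | sh

TABLE=10

# Reads resolver output on stdin and prints the ipfw commands that rebuild
# the table. dig +short also prints CNAME targets and, on failure, ";;"
# diagnostics; only well-formed IPv4 addresses are passed on.
gen_table_cmds() {
    addrs=$(grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | LC_ALL=C sort -u |
        while IFS=. read -r a b c d; do
            # Drop lines that look like addresses but have octets > 255.
            for o in "$a" "$b" "$c" "$d"; do
                [ "$o" -le 255 ] || continue 2
            done
            echo "$a.$b.$c.$d"
        done)

    # No usable answer (timeout, NXDOMAIN): emit nothing, so the table
    # keeps its current entries instead of being flushed to empty.
    [ -n "$addrs" ] || return 1

    echo "ipfw table $TABLE flush"
    for ip in $addrs; do
        echo "ipfw table $TABLE add $ip"
    done
}
```

Because the function only prints commands, its output can be reviewed or diffed against the previous run before it is piped to `sh`.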