Block site from DNS

I have a DNS server running PowerDNS to block domains. Many clients use my DNS, and I wish to deny browsing to Facebook for some IPs but not for others. Can I use PF to do that? PowerDNS doesn't support something like that.

Thanks.
 
Hi,

Try using Squid. With PF it can be accomplished by creating a table/rule with the Facebook networks and denying access to all of its IPs except from the desired customers:

Code:
# Put the IPs of the customers who should have access to Facebook in this file, one per line
table <allow_to_fb> persist file "/etc/allowtofb.txt"
# ...
# Extend the list below with the remaining Facebook networks
block quick on $your_interface inet proto tcp from ! <allow_to_fb> to { 69.63.176.0/20, 66.220.144.0/20 }

ASN32934 networks: http://bgp.he.net/AS32934#_prefixes, http://bgp.he.net/AS32934#_prefixes6
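The prefix list for the rule above is long and changes over time, so one way to maintain it is to keep it in a file and sanity-check it before PF loads it. This is an added example, not part of the original reply: `build_table`, `MIN_PREFIXLEN` and the sample input are assumptions, and the documentation ranges stand in for the rest of the list.

```python
import ipaddress

# Constructed sample input: the two prefixes quoted in the reply, plus
# documentation ranges (RFC 5737 / RFC 3849) standing in for the rest.
SAMPLE = """\
# destination networks to block
69.63.176.0/20
66.220.144.0/20
192.0.2.0/25
192.0.2.128/25      # adjacent to the line above, collapses to a /24
2001:db8:1::/48
2001:db8:1::/48     # duplicate
0.0.0.0/0           # typo-class entry that would block everything
not-a-prefix
"""

# Assumption: refuse any entry broader than this, so a bad line cannot
# turn the block rule into "block almost the whole Internet".
MIN_PREFIXLEN = {4: 8, 6: 16}


def build_table(text):
    """Return (lines for a PF table file, rejected entries)."""
    nets, rejected = {4: [], 6: []}, []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            # strict=True rejects prefixes with host bits set (e.g. 10.0.0.1/8)
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append(entry)
            continue
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            rejected.append(entry)
            continue
        nets[net.version].append(net)
    table = []
    for version in (4, 6):
        # collapse_addresses merges adjacent/duplicate prefixes and sorts them
        table += [str(n) for n in ipaddress.collapse_addresses(nets[version])]
    return table, rejected


if __name__ == "__main__":
    table, rejected = build_table(SAMPLE)
    print("\n".join(table))
    for entry in rejected:
        print("rejected:", entry)
```

The resulting lines can be written to a file and referenced from a second `table <...> persist file "..."` declaration used as the rule's destination; note that the rule as posted matches `inet` only, so IPv6 prefixes need their own `inet6` rule.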
 