Re: [m0n0wall] How to block a certain website with m0n0wall?

From:	Lee Sharp <leesharp at hal dash pc dot org>
To:	"m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] How to block a certain website with m0n0wall?
Date:	Thu, 08 Oct 2009 15:39:23 -0500

Rendra Basuki wrote:
> Actually I am trying to block sites such as twitter, facebook, hi5, and
> friendster since my boss said it caused lower productivity.
> 
> Any suggestion. I tried to put firewall rules to block the IP address of
> www.facebook.oom and facebook.com. The funny thing is that www.facebook.com
> and facebook.com shows 2 different addresses when I ping it.

I am taking this back to the list, as it is handy for lost of people.

Large sites like those are NOT one computer.  Facebook actually has 
69.63.176.0/20 for possible servers, and they may move.  To filter stuff 
like that, you need a real web filter.  I have used Untangle in a few 
clients and it works well.  However, using it with m0n0wall can be a 
challenge depending on the functions you need.  For example, Captive 
Portal will not work "through" Untangle is it is a b-router and rewrites 
the MAC address.

Or, you can ping each server, the do a 'whois' on the address block, and 
block the whole thing, and hope it is not hosted somewhere (like 
GoDaddy) with websites you need for business reasons.

			Lee