| 1 |
I used to volunteer at the local high school. They would redirect both http and https through their content filter (I'm not sure how they worked around SSL warnings exactly - maybe just a wildcard certificate for *? I know it was signed by a CA they had generated and installed on every school computer). |
| 2 |
|
| 3 |
Other than that the best you can hope for is preventing DNS from resolving it. Add to dnsmasq options on your router "-A /facebook.com/fbcdn.net/". |
| 4 |
|
| 5 |
-A: Specify an IP address to return for any host in the given domains. Queries in the domains are never forwarded and always replied to with the specified IP address which may be IPv4 or IPv6. |
| 6 |
... |
| 7 |
one or more domains with no address returns a no-such-domain answer, so --address=/example.com/ is equivalent to --server=/example.com/ and returns NXDOMAIN for example.com and all its subdomains. |
| 8 |
|
| 9 |
-John |
| 10 |
Sent from my phone |
| 11 |
|
| 12 |
Simon Thelen <gentoo-user@××××.de> wrote: |
| 13 |
|
| 14 |
>On 15-12-11 at 20:03, thelma@×××××××××××.com wrote: |
| 15 |
>> Does anybody have an idea how to block facebook? |
| 16 |
>The only way to blacklist facebook would be to create a whitelist and |
| 17 |
>drop everything not on said whitelist. |
| 18 |
> |
| 19 |
>If you block DNS, they can use a different DNS server. If you block IP |
| 20 |
>addresses they'll use a proxy/vpn. If you use deep packet inspection |
| 21 |
>they'll use TLS or a VPN or an SSH tunnel. |
| 22 |
> |
| 23 |
>If you can control the systems so that they don't do any of the above, |
| 24 |
>it's possible but you've admitted that you can't (unless you can |
| 25 |
>control all the Virtualbox instances). |
| 26 |
> |
| 27 |
>-- |
| 28 |
>Simon Thelen |
| 29 |
> |
Archives