iptables Domain Block – Permanently Blocking a Domain


Suppose I want to block Facebook permanently. To do this, I have followed the following process:

#host -t a www.facebook.com

Sample output:

www.facebook.com has address 69.171.224.40

Find CIDR

#whois 69.171.224.40 | grep CIDR

Sample output:

CIDR: 69.171.224.0/19

To prevent outgoing access to www.facebook.com

Approach 1:

#iptables -I FORWARD -p tcp -d 69.171.224.0/19 -j DROP

Approach 2:

#iptables -I FORWARD -p tcp -d www.facebook.com -j DROP

Both approaches work well. In approach 1, the IP address may change, so it will not block Facebook permanently. I don't know whether approach 2 will block Facebook permanently or not. If the above approaches are not the right way to block a domain permanently, how can I do it?
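iptables resolves a hostname given to -d once, when the rule is inserted, so both approaches above freeze the address list at that moment. The following is an added example, not code from the original post: it swaps in a different technique, an ipset that is refreshed from DNS and matched by a single iptables rule. The function names and the set name blocked_fb are hypothetical.

```shell
#!/bin/sh
# Added example: keep an ipset in sync with a domain's current A records.
# Function names and the set name are assumptions, not from the post.

# Read candidate addresses on stdin, write an `ipset restore` script to stdout.
# Keeps only well-formed IPv4 addresses, drops duplicates, and returns 1
# without output when nothing valid is left, so a failed lookup cannot
# empty the live set.
build_ipset_restore() {
    set_name=$1
    tmp_name="${set_name}_tmp"
    addrs=$(awk -F. 'NF==4 && /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
                     $1<=255 && $2<=255 && $3<=255 && $4<=255' | sort -u)
    [ -n "$addrs" ] || return 1
    printf 'create %s hash:ip family inet\n' "$set_name"
    printf 'create %s hash:ip family inet\n' "$tmp_name"
    printf 'flush %s\n' "$tmp_name"
    printf '%s\n' "$addrs" | sed "s/^/add $tmp_name /"
    # swap is atomic: the iptables rule never sees a half-filled set
    printf 'swap %s %s\n' "$tmp_name" "$set_name"
    printf 'destroy %s\n' "$tmp_name"
}

# Resolve the domain and load the result (needs root, host(1) and ipset).
# `host -t a` prints "<name> has address <ip>", as in the sample output above.
refresh_block() {
    domain=$1
    set_name=$2
    script=$(host -t a "$domain" | awk '/has address/ {print $NF}' \
        | build_ipset_restore "$set_name") || return 1
    # -exist: do not fail when the sets already exist from a previous run
    printf '%s\n' "$script" | ipset -exist restore
}

# One-time setup, after the first refresh has created the set:
#   iptables -I FORWARD -p tcp -m set --match-set blocked_fb dst -j DROP
# Then re-run periodically (for example from cron):
#   refresh_block www.facebook.com blocked_fb
```

Each run only covers the addresses this resolver returned at that moment, so clients can still reach addresses that were handed out between refreshes.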

Best Answer

I am using Squid with the following; if you use it, do the same.

# Mon to Fri time
acl blockfacebooktime time MTWHF 8:30-8:30
# Domain name
acl blockfacebookdotcom  dstdomain .facebook.com