justino garcia | 4 Jun 06:18 2010
Picon

block facebook twitter and youtube pfsense

How does one go by blocking facebook twitter and youtube also how does
one autoblock malicous sites
Thanks
Justin

--

-- 
Justin
IT-TECH

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

David Burgess | 4 Jun 06:19 2010
Picon

Re: block facebook twitter and youtube pfsense

On Thu, Jun 3, 2010 at 10:18 PM, justino garcia
<jgarciaitlist@...> wrote:
> How does one go by blocking facebook twitter and youtube also how does
> one autoblock malicous sites

opendns is one way.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Michel Servaes | 4 Jun 13:58 2010
Picon

Re: block facebook twitter and youtube pfsense

> How does one go by blocking facebook twitter and youtube also how does
> one autoblock malicous sites
> Thanks
> Justin

Install the proxy package, and use squidguard to block keywords...
Though I must say, the package only works best on a true pc/server
with a harddisk - not recommended on an Alix board.

An option to use an USB drive as temporary storage for caching sites,
would be a nice option...

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

justino garcia | 4 Jun 14:13 2010
Picon

Re: block facebook twitter and youtube pfsense

Thanks

On Fri, Jun 4, 2010 at 7:58 AM, Michel Servaes <michel <at> mcmc.be> wrote:
> How does one go by blocking facebook twitter and youtube also how does
> one autoblock malicous sites
> Thanks
> Justin

Install the proxy package, and use squidguard to block keywords...
Though I must say, the package only works best on a true pc/server
with a harddisk - not recommended on an Alix board.

An option to use an USB drive as temporary storage for caching sites,
would be a nice option...

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org




--
Justin
IT-TECH
Michel Servaes | 4 Jun 14:49 2010
Picon

Re: block facebook twitter and youtube pfsense

> How does one go by blocking facebook twitter and youtube also how does
> one autoblock malicous sites
> Thanks
> Justin
>

By the way : I didn't solve this by using squidguard (I've used to use
this solution), but now we have an antivirus capable of blocking
categories (webmail, social networksites, ...)
This can be managed by computername, which is quite good to block only
several computers of abusing the net...

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Luke Jaeger | 4 Jun 14:55 2010

Re: block facebook twitter and youtube pfsense

We use squidguard in combination with shallalist (www.shallalist.de)  
to block sites by category (malware, porn, gambling, etc).
You can also add individual domains to your blacklist by hand.
Works great.

Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org

On Jun 4, 2010, at 12:18 AM, justino garcia wrote:

> How does one go by blocking facebook twitter and youtube also how does
> one autoblock malicous sites
> Thanks
> Justin
>
> -- 
> Justin
> IT-TECH
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe@...
> For additional commands, e-mail: support-help@...
>
> Commercial support available - https://portal.pfsense.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Luis G. Coralle | 4 Jun 16:41 2010
Picon

Re: block facebook twitter and youtube pfsense



2010/6/4 Luke Jaeger <admin-lUGeg8hjw6g@public.gmane.org>
We use squidguard in combination with shallalist (www.shallalist.de) to block sites by category (malware, porn, gambling, etc).
You can also add individual domains to your blacklist by hand.
Works great.


Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org


On Jun 4, 2010, at 12:18 AM, justino garcia wrote:

How does one go by blocking facebook twitter and youtube also how does
one autoblock malicous sites
Thanks
Justin

--
Justin
IT-TECH

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org



---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org



Hi, squid no caching https pages. Facebook have https too ( https://www.facebook.com/ )
To block this you have to add rule like:

Destination:
Type: Network
Address: 66.220.144.0/20


See:
- http://wiki.developers.facebook.com/index.php/Facebook_IP_Addresses
- whois 69.63.189.16



--
Luis G. Coralle
Departamento de Informática
Facultad de Ciencias Médicas
Universidad Nacional del Comahue
Av. Luis Toschi y Los Arrayanes
Cipolletti - Río Negro
Tel. 0299 - 4782603 INT. 24 / Fax 0299 - 4776140
http://medicina.uncoma.edu.ar/
Kai Lan | 4 Jun 17:29 2010

Re: block facebook twitter and youtube pfsense

I think the easiest way is over ride the dns. Or make the ips routed to a wrong destination by adding a static route rule.

Regards,

Kai

On 4 Jun 2010, at 15:41, "Luis G. Coralle" <luiscoralle-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:



2010/6/4 Luke Jaeger <admin-lUGeg8hjw6g@public.gmane.org>
We use squidguard in combination with shallalist (www.shallalist.de) to block sites by category (malware, porn, gambling, etc).
You can also add individual domains to your blacklist by hand.
Works great.


Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org


On Jun 4, 2010, at 12:18 AM, justino garcia wrote:

How does one go by blocking facebook twitter and youtube also how does
one autoblock malicous sites
Thanks
Justin

--
Justin
IT-TECH

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe <at> pfsense.com
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org



---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe <at> pfsense.com
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org



Hi, squid no caching https pages. Facebook have https too ( https://www.facebook.com/ )
To block this you have to add rule like:

Destination:
Type: Network
Address: 66.220.144.0/20


See:
- http://wiki.developers.facebook.com/index.php/Facebook_IP_Addresses
- whois 69.63.189.16



--
Luis G. Coralle
Departamento de Informática
Facultad de Ciencias Médicas
Universidad Nacional del Comahue
Av. Luis Toschi y Los Arrayanes
Cipolletti - Río Negro
Tel. 0299 - 4782603 INT. 24 / Fax 0299 - 4776140
http://medicina.uncoma.edu.ar/
Jaye Mathisen | 4 Jun 20:28 2010

Re: block facebook twitter and youtube pfsense

openDNS can help with this as well.

2010/6/4 Kai Lan <lk9100 <at> me.com>
I think the easiest way is over ride the dns. Or make the ips routed to a wrong destination by adding a static route rule.

Regards,

Kai

On 4 Jun 2010, at 15:41, "Luis G. Coralle" <luiscoralle-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:



2010/6/4 Luke Jaeger <admin-lUGeg8hjw6g@public.gmane.org>
We use squidguard in combination with shallalist (www.shallalist.de) to block sites by category (malware, porn, gambling, etc).
You can also add individual domains to your blacklist by hand.
Works great.


Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org


On Jun 4, 2010, at 12:18 AM, justino garcia wrote:

How does one go by blocking facebook twitter and youtube also how does
one autoblock malicous sites
Thanks
Justin

--
Justin
IT-TECH

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org



---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org



Hi, squid no caching https pages. Facebook have https too ( https://www.facebook.com/ )
To block this you have to add rule like:

Destination:
Type: Network
Address: 66.220.144.0/20


See:
- http://wiki.developers.facebook.com/index.php/Facebook_IP_Addresses
- whois 69.63.189.16



--
Luis G. Coralle
Departamento de Informática
Facultad de Ciencias Médicas
Universidad Nacional del Comahue
Av. Luis Toschi y Los Arrayanes
Cipolletti - Río Negro
Tel. 0299 - 4782603 INT. 24 / Fax 0299 - 4776140
http://medicina.uncoma.edu.ar/

Tim Dressel | 4 Jun 21:03 2010
Picon

Re: block facebook twitter and youtube pfsense

We used openDNS at all our schools but we just finished putting all
our schools behind a single firewall so that didn't fly. We had to go
to a commercial filter product unfortunately. We did consider throwing
up DNS servers all over the place but it would have become ugly to
manage.

On Fri, Jun 4, 2010 at 11:28 AM, Jaye Mathisen <mrcpu@...> wrote:
> openDNS can help with this as well.
>
> 2010/6/4 Kai Lan <lk9100@...>
>>
>> I think the easiest way is over ride the dns. Or make the ips routed to a
>> wrong destination by adding a static route rule.
>>
>> Regards,
>> Kai
>> On 4 Jun 2010, at 15:41, "Luis G. Coralle" <luiscoralle@...> wrote:
>>
>>
>>
>> 2010/6/4 Luke Jaeger <admin@...>
>>>
>>> We use squidguard in combination with shallalist (www.shallalist.de) to
>>> block sites by category (malware, porn, gambling, etc).
>>> You can also add individual domains to your blacklist by hand.
>>> Works great.
>>>
>>>
>>> Luke Jaeger | Technology Coordinator
>>> Pioneer Valley Performing Arts Charter Public School
>>> www.pvpa.org
>>>
>>> On Jun 4, 2010, at 12:18 AM, justino garcia wrote:
>>>
>>>> How does one go by blocking facebook twitter and youtube also how does
>>>> one autoblock malicous sites
>>>> Thanks
>>>> Justin
>>>>
>>>> --
>>>> Justin
>>>> IT-TECH
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: support-unsubscribe@...
>>>> For additional commands, e-mail: support-help@...
>>>>
>>>> Commercial support available - https://portal.pfsense.org
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: support-unsubscribe@...
>>> For additional commands, e-mail: support-help@...
>>>
>>> Commercial support available - https://portal.pfsense.org
>>>
>>
>>
>> Hi, squid no caching https pages. Facebook have https too (
>> https://www.facebook.com/ )
>> To block this you have to add rule like:
>>
>> Destination:
>> Type: Network
>> Address: 66.220.144.0/20
>>
>>
>> See:
>> - http://wiki.developers.facebook.com/index.php/Facebook_IP_Addresses
>> - whois 69.63.189.16
>>
>>
>>
>> --
>> Luis G. Coralle
>> Departamento de Informática
>> Facultad de Ciencias Médicas
>> Universidad Nacional del Comahue
>> Av. Luis Toschi y Los Arrayanes
>> Cipolletti - Río Negro
>> Tel. 0299 - 4782603 INT. 24 / Fax 0299 - 4776140
>> http://medicina.uncoma.edu.ar/
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Ryan | 4 Jun 21:19 2010

PFsense 2.0 SMTP notifications.

Sorry if this gets sent twice, I forgot to put a subject <smacks self in head>
I finally got a chance t play with the new version 2.0 beta.  I must say, I like what I see so far.  Thanks

I see there is a place under Advanced > Notifications for an smtp server for noticfications.  What is
considered an Alert that would be sent by these notifications?  Is there a place to adjust this.  I mainly and
looking for a notice that a gateway id down.  Thanks for the help.

Ryan

__________ Information from ESET NOD32 Antivirus, version of virus signature database 5173 (20100604) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

__________ Information from ESET NOD32 Antivirus, version of virus signature database 5173 (20100604) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Jim Pingle | 4 Jun 21:28 2010

Re: PFsense 2.0 SMTP notifications.

On 6/4/2010 3:19 PM, Ryan wrote:
> Sorry if this gets sent twice, I forgot to put a subject <smacks self in head>
> I finally got a chance t play with the new version 2.0 beta.  I must say, I like what I see so far.  Thanks
> 
> I see there is a place under Advanced > Notifications for an smtp server for noticfications.  What is
considered an Alert that would be sent by these notifications?  Is there a place to adjust this.  I mainly and
looking for a notice that a gateway id down.  Thanks for the help.

Anything that would show up in the top bar as an alert. Gateway failures
aren't counted among those, however. Things like CARP changeovers would
do that, and some other major things.

I have some ideas for beefing that area up. I'm interesting in having an
HDD space notification, and I know there are probably other general
triggers that people would like to see (high load average, high swap
usage, etc)

Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Ryan | 4 Jun 21:34 2010

RE: PFsense 2.0 SMTP notifications.


> 
> Anything that would show up in the top bar as an alert. 
> Gateway failures aren't counted among those, however. Things 
> like CARP changeovers would do that, and some other major things.
> 
> I have some ideas for beefing that area up. I'm interesting 
> in having an HDD space notification, and I know there are 
> probably other general triggers that people would like to see 
> (high load average, high swap usage, etc)
> 
> Jim
> 
Thanks for the quick reply.  With our failover setup like it is, one of our internet goes down sometimes and I
don't ever realise (great router).  I would just like an email of these events so I could check an see whats
going on.  Or at least know it went down.  I agree that other alerts would be great as well.  System rebooted,
state table maxing out, CPU maxing out just to think of a few.  I love that smtp is here now.  It gives alot of potential.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Tiago | 4 Jun 21:42 2010
Picon

First doubt

Hello

This is my first post....

I started with pfsense 2 weeks ago and until now I'm getting happy with then....

Well, nowadays I need to block (or limit) MSN, Google Talk, Yahoo Messenger etc... in my company

I downloaded IMSpector package but I can't view the logs messages. I put this settings....

Interfaces -  LAN
Listen on protocols, all selected (MSN, ICQ etc...)
Enable file logging - enabled
I didn't configure MySQL - Is it necessary???? Mandatory??
In ACL whitelist I put localuser (to allow full access) Am I right??

What's the next steps?

Or

Is it possible to block this kind of programs?? Because I've read some posts in this forum and people are
having a lot of problem to block this....

What is your opinion??

This is my last tentative before dismiss the employed

Tiago Picon 
DESENVOLVIMENTO

Scenario - Automação Residencial 
(16) 3368-3399 - São Carlos 
tpicon@...
www.scenario.ind.br

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Kai Lan | 4 Jun 21:54 2010

Re: First doubt

I am currently using a free filter called panabit, freebsd based; and pfsense does nat, firewall.

On 4 Jun 2010, at 20:42, Tiago <tpicon@...> wrote:

> Hello
> 
> This is my first post....
> 
> I started with pfsense 2 weeks ago and until now I'm getting happy with then....
> 
> 
> Well, nowadays I need to block (or limit) MSN, Google Talk, Yahoo Messenger etc... in my company
> 
> I downloaded IMSpector package but I can't view the logs messages. I put this settings....
> 
> 
> Interfaces -  LAN
> Listen on protocols, all selected (MSN, ICQ etc...)
> Enable file logging - enabled
> I didn't configure MySQL - Is it necessary???? Mandatory??
> In ACL whitelist I put localuser (to allow full access) Am I right??
> 
> What's the next steps?
> 
> Or
> 
> Is it possible to block this kind of programs?? Because I've read some posts in this forum and people are
having a lot of problem to block this....
> 
> What is your opinion??
> 
> This is my last tentative before dismiss the employed
> 
> Tiago Picon 
> DESENVOLVIMENTO
> 
> Scenario - Automação Residencial 
> (16) 3368-3399 - São Carlos 
> tpicon@...
> www.scenario.ind.br
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe@...
> For additional commands, e-mail: support-help@...
> 
> Commercial support available - https://portal.pfsense.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Tiago | 8 Jun 18:24 2010
Picon

RES: First doubt

Thanks kai lan, I will study your solution

Tiago Picon 
DESENVOLVIMENTO

Scenario - Automação Residencial 
(16) 3368-3399 - São Carlos 
tpicon@...
www.scenario.ind.br

-----Mensagem original-----
De: Kai Lan [mailto:lk9100@...] 
Enviada em: sexta-feira, 4 de junho de 2010 16:55
Para: support@...
Assunto: Re: [pfSense Support] First doubt

I am currently using a free filter called panabit, freebsd based; and pfsense does nat, firewall.

On 4 Jun 2010, at 20:42, Tiago <tpicon@...> wrote:

> Hello
> 
> This is my first post....
> 
> I started with pfsense 2 weeks ago and until now I'm getting happy with then....
> 
> 
> Well, nowadays I need to block (or limit) MSN, Google Talk, Yahoo Messenger etc... in my company
> 
> I downloaded IMSpector package but I can't view the logs messages. I put this settings....
> 
> 
> Interfaces -  LAN
> Listen on protocols, all selected (MSN, ICQ etc...)
> Enable file logging - enabled
> I didn't configure MySQL - Is it necessary???? Mandatory??
> In ACL whitelist I put localuser (to allow full access) Am I right??
> 
> What's the next steps?
> 
> Or
> 
> Is it possible to block this kind of programs?? Because I've read some posts in this forum and people are
having a lot of problem to block this....
> 
> What is your opinion??
> 
> This is my last tentative before dismiss the employed
> 
> Tiago Picon 
> DESENVOLVIMENTO
> 
> Scenario - Automação Residencial 
> (16) 3368-3399 - São Carlos 
> tpicon@...
> www.scenario.ind.br
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe@...
> For additional commands, e-mail: support-help@...
> 
> Commercial support available - https://portal.pfsense.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Tiago | 8 Jun 18:33 2010
Picon

Is it possible?

Hello guys

Forgive me for the newbie question...but I couldn’t find the solution yet

How can I block some sites through the IP address?

For instance: I need to block www.hotmail.com  only for IP 172.16.0.54

What Do I need to do?

Thanks

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

David Burgess | 8 Jun 18:47 2010
Picon

Re: Is it possible?

On Tue, Jun 8, 2010 at 10:33 AM, Tiago <tpicon@...> wrote:

> How can I block some sites through the IP address?
>
> For instance: I need to block www.hotmail.com  only for IP 172.16.0.54

Any site can be blocked by IP address in the firewall. For example,
create a block rule on LAN with source address 172.16.0.54 and
destination of whatever IP you want to block. For blocks or ranges of
addresses it may be easier to use an alias (Firewall>Aliases). Other
large sites (possibly hotmail?) may have unmanageably large pools of
IP addresses behind them. In this case you will need something a
little more sophisticated for filtering, such as has been discussed
quite a bit on this list in the past month.

db

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Andrew Cotter | 8 Jun 18:51 2010

RE: Is it possible?

> -----Original Message-----
> From: Tiago [mailto:tpicon@...] 
> Sent: Tuesday, June 08, 2010 12:33 PM
> To: support@...
> Subject: [pfSense Support] Is it possible?
> 
> Hello guys
> 
> Forgive me for the newbie question...but I couldn't find the 
> solution yet
> 
> How can I block some sites through the IP address?
> 
> For instance: I need to block www.hotmail.com  only for IP 172.16.0.54
> 
> What Do I need to do?
> 
> Thanks
> 

Create a block rule for what is probably your LAN network (may vary
depending on setup).  Make sure your rule is before anything (top of the
list) that would allow like an "allow all" rule.

If you need more of an example let me know.

Andrew

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Tiago | 8 Jun 20:57 2010
Picon

RES: Is it possible?

Thanks Andrew and David

I understand, but would be great if If I do a rule that have a address like:

login.live.com

but when I try to do this, I receive the error

A valid destination IP address or alias must be specified.

I tried to do a firewall>Aliases but they ask me a valid IP... but
login.live.com change the IP sometimes...
What is your advice?

Thanks a lot

Tiago Picon 
DESENVOLVIMENTO

Scenario - Automação Residencial 
(16) 3368-3399 - São Carlos 
tpicon@...
www.scenario.ind.br

-----Mensagem original-----
De: Andrew Cotter [mailto:andrew.cotter@...] 
Enviada em: terça-feira, 8 de junho de 2010 13:51
Para: support@...
Assunto: RE: [pfSense Support] Is it possible?

> -----Original Message-----
> From: Tiago [mailto:tpicon@...] 
> Sent: Tuesday, June 08, 2010 12:33 PM
> To: support@...
> Subject: [pfSense Support] Is it possible?
> 
> Hello guys
> 
> Forgive me for the newbie question...but I couldn't find the 
> solution yet
> 
> How can I block some sites through the IP address?
> 
> For instance: I need to block www.hotmail.com  only for IP 172.16.0.54
> 
> What Do I need to do?
> 
> Thanks
> 

Create a block rule for what is probably your LAN network (may vary
depending on setup).  Make sure your rule is before anything (top of the
list) that would allow like an "allow all" rule.

If you need more of an example let me know.

Andrew

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Michel Servaes | 8 Jun 21:03 2010
Picon

Re: RES: Is it possible?


> I understand, but would be great if If I do a rule that have a address like:
>
> login.live.com
>
> but when I try to do this, I receive the error
>
> A valid destination IP address or alias must be specified.
>
> I tried to do a firewall>Aliases but they ask me a valid IP... but
> login.live.com change the IP sometimes...
> What is your advice?
>    
>
You can't add a DNS name in an IP field !
You should only add IP's in this list - but that would make you have to 
enter dozens and dozens of ip's.

You'd probably be better of, using squidguard - but then again, this 
won't stop them from using https !!

I am using trendmicro worry free solution, which has a built in URL 
filter based on per category... I almost always have to add the category 
"social networking" and "webmail"... these will block them from using 
facebook and/or hotmail/gmail and the alikes !!

kind regards,
Michel

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Evgeny Yurchenko | 8 Jun 21:09 2010

Re: RES: Is it possible?

Michel Servaes wrote:
>
>> I understand, but would be great if If I do a rule that have a 
>> address like:
>>
>> login.live.com
>>
>> but when I try to do this, I receive the error
>>
>> A valid destination IP address or alias must be specified.
>>
>> I tried to do a firewall>Aliases but they ask me a valid IP... but
>> login.live.com change the IP sometimes...
>> What is your advice?
>>   
> You can't add a DNS name in an IP field !
> You should only add IP's in this list - but that would make you have 
> to enter dozens and dozens of ip's.
>
> You'd probably be better of, using squidguard - but then again, this 
> won't stop them from using https !!
>
> I am using trendmicro worry free solution, which has a built in URL 
> filter based on per category... I almost always have to add the 
> category "social networking" and "webmail"... these will block them 
> from using facebook and/or hotmail/gmail and the alikes !!
>
> kind regards,
> Michel
BTW 
http://doc.pfsense.org/index.php/Blocking_websites#Using_Firewall_Rules 
has an error I think.
"You can enter a hostname in a network alias, and then apply that alias 
to a block rule. Note the hostname will only be resolved when the filter 
rules are loaded, so you will want to schedule a filter reload with 
cron."!?!?!?

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Tiago | 8 Jun 21:21 2010
Picon

RES: RES: Is it possible?

Ok guys

I will try your advices...but I'm a newbie yet. So I will take a time to
post the results Lol...
But I will as soon as possible

Thanks a lot

Tiago Picon 
DESENVOLVIMENTO

Scenario - Automação Residencial 
(16) 3368-3399 - São Carlos 
tpicon@...
www.scenario.ind.br

-----Mensagem original-----
De: Michel Servaes [mailto:michel@...] 
Enviada em: terça-feira, 8 de junho de 2010 16:03
Para: support@...
Assunto: Re: RES: [pfSense Support] Is it possible?

> I understand, but would be great if If I do a rule that have a address
like:
>
> login.live.com
>
> but when I try to do this, I receive the error
>
> A valid destination IP address or alias must be specified.
>
> I tried to do a firewall>Aliases but they ask me a valid IP... but
> login.live.com change the IP sometimes...
> What is your advice?
>    
>
You can't add a DNS name in an IP field !
You should only add IP's in this list - but that would make you have to 
enter dozens and dozens of ip's.

You'd probably be better of, using squidguard - but then again, this 
won't stop them from using https !!

I am using trendmicro worry free solution, which has a built in URL 
filter based on per category... I almost always have to add the category 
"social networking" and "webmail"... these will block them from using 
facebook and/or hotmail/gmail and the alikes !!

kind regards,
Michel

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Michel Servaes | 8 Jun 21:21 2010
Picon

Re: RES: RES: Is it possible?


Op 8/06/2010 21:21, Tiago schreef:
> Ok guys
>
> I will try your advices...but I'm a newbie yet. So I will take a time to
> post the results Lol...
> But I will as soon as possible
>
> Thanks a lot
>
>    
We all were newbies sometime :) (guess I'm a midbie :) )

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Kurt Buff | 4 Jun 21:21 2010
Picon

Re: block facebook twitter and youtube pfsense

On Thu, Jun 3, 2010 at 21:18, justino garcia
<jgarciaitlist@...> wrote:
> How does one go by blocking facebook twitter and youtube also how does
> one autoblock malicous sites
> Thanks
> Justin
>
> --
> Justin
> IT-TECH

If you have a DNS server for internal use in your org, consider
putting zones on it that are authoritative for the sites you wish to
block, then putting in a wildcard entry that points to 127.0.0.1

I do that for all of the sites you mention, plus a few others.

For the actually malicious stuff, the recommendations for
squid/squidguard are spot on.

Kurt

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Ryan | 4 Jun 21:26 2010

RE: block facebook twitter and youtube pfsense


> 
> If you have a DNS server for internal use in your org, 
> consider putting zones on it that are authoritative for the 
> sites you wish to block, then putting in a wildcard entry 
> that points to 127.0.0.1
> 
> I do that for all of the sites you mention, plus a few others.
> 

I do this for a few sites myself using the dns server in PFsense.  I forward to an internal webserver that has a
page that says Get to work and says some lie about All internet traffic is monitored and repeated attempts
to access this site will be sent to your supervsior.   It's not perfect, but it works well for our user.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Tim Nelson | 4 Jun 21:30 2010

Re: block facebook twitter and youtube pfsense

----- "Ryan" <Radiotech1@...> wrote:
> > 
> > If you have a DNS server for internal use in your org, 
> > consider putting zones on it that are authoritative for the 
> > sites you wish to block, then putting in a wildcard entry 
> > that points to 127.0.0.1
> > 
> > I do that for all of the sites you mention, plus a few others.
> > 
> 
> I do this for a few sites myself using the dns server in PFsense.  I
> forward to an internal webserver that has a page that says Get to work
> and says some lie about All internet traffic is monitored and repeated
> attempts to access this site will be sent to your supervsior.   It's
> not perfect, but it works well for our user.
> 

Agreed. I use this method at several locations as well. The DNS server that is authoritative for those
domains is on a different subnet/interface as well so I can use a NAT rule to ensure *ALL* DNS traffic is
forced to go through that DNS server. It really is pretty slick. However, the more savvy users will just
find some proxy out there to use. 'Proxy' has become a new buzzword for the social networking crowd as of
late it seems...

--Tim

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Yehuda Katz | 4 Jun 21:54 2010
Picon

Re: block facebook twitter and youtube pfsense

On Fri, Jun 4, 2010 at 3:30 PM, Tim Nelson <tnelson-f4DZ+GDyDBaakBO8gow8eQ@public.gmane.org> wrote:
However, the more savvy users will just find some proxy out there to use. 'Proxy' has become a new buzzword for the social networking crowd as of late it seems...

It doesn't even require a very savvy user. There are free email lists which notify you by email of new proxy sites (peacefire.org).
Besides that, don't forget that many sites can be accessed just by their IP addresses.
Kurt Buff | 4 Jun 22:23 2010
Picon

Re: block facebook twitter and youtube pfsense

On Fri, Jun 4, 2010 at 12:54, Yehuda Katz <yehuda@...> wrote:
> On Fri, Jun 4, 2010 at 3:30 PM, Tim Nelson <tnelson@...> wrote:
>>
>> However, the more savvy users will just find some proxy out there to use.
>> 'Proxy' has become a new buzzword for the social networking crowd as of late
>> it seems...
>
> It doesn't even require a very savvy user. There are free email lists which
> notify you by email of new proxy sites (peacefire.org).
> Besides that, don't forget that many sites can be accessed just by their IP
> addresses.

And that's why I'm also thinking of blocking by MIME type - flv
content in particular.

Kurt

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org


Gmane