
Unless the router has filtering per machine it really doesn't help me in my case. I have everything blocked in my hosts file, while my wife has to have everything in the clear. Meh.

I feel your pain. Women.


I've been able to accomplish this at the router level and by device connection. Here is what I've done:

I'm using an IP-level OpenDNS enforcement on my Linksys router. The router has been flashed to run DD-WRT. The integrated DHCP server lets me set IP reservations on MAC addresses. From there I can add iptables entries on the router which act as a NAT style gateway (or something similar to that). The iptables entries enforce that all DNS lookups point to OpenDNS. The router also pings OpenDNS whenever my IP address changes so that OpenDNS can continue to service my devices and know what my settings are. From OpenDNS I can block social networks.

So yeah, that's how I've been able to achieve site blocking on the router level that is individualized to each device (i.e., some devices are blocked, other devices are completely open). The only issue is that this doesn't technically block the IP address...it just makes it a pain in the ass to use the Internet in zones that are not allowed.

The way my router is configured, if the user puts in a static IP address they can easily bypass the lock-in to OpenDNS. However, just adding additional DNS entries to a network connection will not get around the block (all DNS calls are forcefully routed to OpenDNS for IP addresses on a list).

I have had issues blocking Facebook on the iOS app, however... I think it uses an IP address range built into the app and doesn't even do any DNS lookups.

I think it is possible to change the iptables entries to use MAC addresses instead of IP addresses but I haven't explored that yet. This would probably be a more reliable setup that is more difficult to tweak on the end user. My setup is optimistic in that any new device is given the default service provider DNS and only IP addresses specified are forcefully routed through OpenDNS.

Let me know if you want more detail about my setup.

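The per-device DNS redirect described in the post above, as an added example that is not the poster's actual configuration: a shell function that prints the `iptables` NAT rules for a list of reserved IPs, plus the MAC-matching variant the post suggests. The `br0` interface name and the sample device addresses are assumptions; 208.67.222.222 is an OpenDNS public resolver.

```shell
#!/bin/sh
# Added example: print iptables rules that force listed devices' DNS to OpenDNS.
# Assumptions (not from the post): LAN bridge is br0; sample addresses are constructed.

RESOLVER="208.67.222.222"   # OpenDNS public resolver
LAN_IF="br0"                # assumed DD-WRT LAN bridge name

# emit_dns_lock MODE ADDR...
#   MODE=ip  : match on source IP (the setup the post describes)
#   MODE=mac : match on source MAC (the variant the post suggests)
emit_dns_lock() {
    mode="$1"; shift
    for addr in "$@"; do
        case "$mode" in
            ip)
                # Accept only dotted-quad shaped input.
                echo "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
                    echo "skip: bad IP '$addr'" >&2; continue; }
                match="-s $addr" ;;
            mac)
                # Accept only colon-separated 6-byte MAC addresses.
                echo "$addr" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || {
                    echo "skip: bad MAC '$addr'" >&2; continue; }
                match="-m mac --mac-source $addr" ;;
            *)
                echo "unknown mode '$mode'" >&2; return 1 ;;
        esac
        # DNS can use UDP or TCP port 53, so both are rewritten.
        for proto in udp tcp; do
            echo "iptables -t nat -A PREROUTING -i $LAN_IF $match -p $proto --dport 53 -j DNAT --to-destination $RESOLVER:53"
        done
    done
}

# Constructed sample devices: two DHCP reservations and one MAC.
emit_dns_lock ip 192.168.1.50 192.168.1.51
emit_dns_lock mac 00:11:22:33:44:55
```

The function only prints the rules, so they can be reviewed before being added to the router's firewall script. Devices that are not listed keep whatever DNS they were given, as in the post.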

One of the primary reasons for owning a computer is Facebook? lol!! I think not :laugh:

You find the notion that someone who has no interest going online other than to use Facebook to keep in touch with their families (children that have moved out, extended family living in another country / state) that hilarious?

I'm not judging, when I'm tired I find a lot of things hilarious. Then again, I don't make those things the basis of my forum posts...

For the sake of one's security, it should be blocked permanently and forgotten about, so no, not trolling, I'm serious :)

I'm willing to accept the premise that potentially, banner ads on FB may load malicious content if it slipped past their filtering systems due to human error. But that can be fixed with an adblocker such as AdBlock Plus or similar.

Could you elaborate on why Facebook specifically should be blocked for security reasons?

I'm going to assume you're not one of those people who cry about privacy concerns - while that premise may be valid for discussions regarding job applicants being turned down due to what FB reveals to their boss, it's not really applicable for Joe Granddad that's keeping in touch with his grown-up children and possibly also grandchildren (if they're old enough to use a computer).


This topic is now closed to further replies.