Bloqueando Facebook


iptables

# Drop every TCP packet bound for ports 80, 443 or 5389 whose payload contains
# the literal byte string "facebook" (Boyer-Moore search), both for traffic
# generated on this host (OUTPUT) and for traffic it routes for others (FORWARD).
#
# Caveats worth knowing before relying on this:
#  - "-m string" looks at one packet at a time: a hostname split across two
#    segments is not matched, while any request packet that merely contains
#    the substring (a Referer header, a form post) is dropped as well.
#  - On 443 this only works while the hostname travels in clear text
#    (e.g. the TLS SNI); encrypted application data is never inspected.
#  - The match is case-sensitive as written.
#  - DROP discards silently, so blocked clients wait for a timeout instead of
#    getting an immediate error; REJECT would fail fast.
#  - "-I" inserts at the head of the chain, ahead of any existing rules.
for chain in OUTPUT FORWARD; do
    iptables -I "$chain" -p tcp \
        -m string --algo bm --string "facebook" \
        -m multiport --dport 80,443,5389 \
        -j DROP
done

Fake DNS

Para bloquear o Facebook, crie um FakeDNS apontando para 127.0.0.1 conforme exemplo abaixo:

Arquivo /etc/named.conf

options {
    directory        "/var/lib/named";
    dump-file        "/var/log/named_dump.db";
    statistics-file  "/var/log/named.stats";

    // Recursion goes straight to the root servers (see the "." hint zones in
    // each view); uncomment to forward through upstream resolvers instead.
    // forwarders { 8.8.8.8; 8.8.4.4; };

    // IPv4 listeners are pinned to loopback and the two LAN addresses.
    listen-on port 53 { 127.0.0.1; 192.168.2.1; 192.168.2.8; };

    // NOTE(review): this binds every IPv6 address on the host. The acls below
    // name only IPv4 prefixes plus "localhost", so other IPv6 clients match no
    // view and are refused -- confirm that is intended, or restrict this to
    // { ::1; } if IPv6 service is not needed.
    listen-on-v6 { any; };

    // NOTIFY messages disabled; no secondary servers are declared on this page.
    notify no;

    // Do not serve the built-in empty zone for the IPv6 loopback reverse name.
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};

#############################################

// Every client allowed to use this resolver: the server itself plus the LAN.
// (No negated entries, so the order of the list does not matter.)
acl internal {
    localhost;
    192.168.2.0/24;
};

// Hosts exempt from the block. Views are tried in declaration order, so an
// address listed here is served by the unfiltered view before "internal" is
// considered.
acl internal-liberados {
    192.168.2.234;
};

#############################################

// Unfiltered view: plain recursive resolution with no override zones.
view "internal-liberados-view" {
    match-clients { internal-liberados; };

    // Root hints -- everything is resolved from the root servers.
    zone "." in {
        type hint;
        file "root.hint";
    };

    zone "localhost" in {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };
};

#############################################

// Filtered view for the rest of the LAN: identical to the view above except
// that facebook.com is answered locally from a sink zone.
view "internal-view" {
    match-clients { internal; };

    zone "." in {
        type hint;
        file "root.hint";
    };

    zone "localhost" in {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };

    // Authoritative override: this server answers for facebook.com itself, so
    // the real zone is never consulted for clients in this view. Only names
    // under facebook.com are affected; other domains the site may load from
    // are not. The block also holds only while clients actually use this
    // resolver -- a client pointed at another DNS server (or using DNS over
    // HTTPS) is unaffected unless DNS egress from the LAN is restricted too.
    zone "facebook.com" in {
        type master;
        file "fakednsfacebook.zone";
    };
};


// Additional configuration kept in a separate file; its contents are not
// shown on this page.
include "/etc/named.conf.include";


Arquivo /var/lib/named/fakednsfacebook.zone

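; Sink zone for facebook.com: every name served from here resolves to the
; loopback address, so clients that use this resolver cannot reach the site.
;
; The 1W default TTL means a client or downstream cache may keep the loopback
; answer for up to a week after this zone is removed; use a shorter TTL if the
; block has to be reversible quickly. Increment the serial on every change to
; this file.
$TTL 1W
@               IN SOA  @   root (
                                43              ; serial (d. adams)
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum / negative-caching TTL

; The zone is its own (self-referential) name server; its address is loopback.
                IN NS           @
                IN A            127.0.0.1
                IN AAAA         ::1

; Without a wildcard only the bare apex answers 127.0.0.1: www.facebook.com
; and every other hostname under the zone would get NXDOMAIN instead (still
; blocked, but not the behaviour described above). The wildcard sinks them all.
*               IN A            127.0.0.1
*               IN AAAA         ::1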