i'd imagine that putting 'www.facebook.com' in your hosts file will do it, unless the browser ignores /etc/hosts
you could always use the url filtering mechanism of relayd combined with pf redirects, but if people really want to bypass it, they'll do proxyies (via ssh even) or remote desktop or vpn or... why does your personal dislike of Facebook have to affect other network users? Stefan Wollny [stefan.wol...@web.de] wrote: > Hi there, > > having a personal dislike of Facebook (and the MeeToo-systems alike) > for their impertinent sniffing for private data I tried on my laptop to > block facebook.com via hosts-file. Interestingly this failed: Calling > "http://www.facebook.com" always resulted in a lookup for > "httpS://www.facebook.com" and the respective site showed up in the > browser (tried firefox and xombrero). > > Well: Beside excepting the fact that those facebook engineers did a > fine job circumventing the entrys in /etc/hosts I felt immediatly > insecure: The reports on this company's attitude towards even > non-customers privacy are legendary. Their respective track record > earns them the honorable title of "NSA's fittest supporter"... > > Anyway: I think I finally managed to block all their IPs via PF and on > this laptop I now feel a little less 'observed'. [Yes, I know - this is > just today's snapshot of IPs!] > > My question is on the squid-server I have running at home: What > would make more sense - blocking facebook.com via pf.conf alike or are > there reasons to use squid's ACL instead? Performance? Being > ultra-paranoid and implementing both (or even additionally the > hosts-file-block?)? From my understanding squid should not be able to > block https-traffic as it is encrypted - or am I wrong here? > > Curious if there is a particular (Open)BSD solution or simply how you > 'guys and gals' would do it. > > Thank you for sharing your thoughts. > > Cheers, > STEFAN -- It was the Nicolatians who first coined the separation between lay and clergy.