That approach is full of holes, of course, as using a public proxy can defeat it, and you're also blocking *everything*, including email servers, etc...
If the primary concern is blocking users from surfing Facebook, amithapr may be able to leverage relayd for that and not have to resort to an ASN block =)
Really depends on exactly what level of lockdown is required. I have teenagers who have proven that social media is far too strong a temptation over getting homework done, so I've had to get creative in my approaches.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.