Results 1 to 6 of 6

Thread: Rule to block TLD >adding in wildcards to the Zones does not work (anymore).

  1. #1
    lordpong Guest

    Default Rule to block TLD >adding in wildcards to the Zones does not work (anymore).

    I want to block an entire TLD, but when I try to setup the rule; I can't seem to enter the correct format for the site/host. Here are the combinations I've tried: *.pl .pl pl

    Operating System:Windows Vista Home Premium
    Software Version:8.0
    Product Name:ZoneAlarm Pro

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Rule to block TLD

    Where are you trying or with what are you trying to block TLDs (sometimes called TLDN) by using the domain names?
    In the ZoneAlarm (and where) or in something else?
    For the browsers and updaters, IMs, email clients or for the entire firewall?
    There are many ways/methods to do this, but the exact objective is needed to be known.
    Oldsod.
    Best regards.
    oldsod

  3. #3
    lordpong Guest

    Default Re: Rule to block TLD

    I want to block Firefox users from accessing any sites in the ".pl" TLD. I want to create a rule that will prevent any application from accessing same.

    I have tried: Firewall, Zones, Add, Site/Host

    This used to work eons ago, back in ZoneAlarm 2.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Rule to block TLD

    Unfortunately adding in wildcards to the Zones does not work (anymore).
    It is now basically an IP/IP range only blocker (even the host name option does a domain lookup and uses the IPs involved).

    There is a lengthy method to block all .pl domains - it involves making a custom block list and then manually adding it to the backup.xml. This is what I do with the Zones - including entire IANA blocks (APNIC, LACNIC, AfriNIC, ford, mit, GE, DoD,etc), troyan, spyware, ads, trackers, counters, spammers, zombies, hacking sites, tor/proxy servers, and pets peeves.
    Basically it involves getting the block list into the ZA v 4 XML format and then simply adding this to and a minor editing of the backup.xml (available only with the paid versions).
    To convert the custom block list (usually the protowall format works well enough) to the ZA v4 xml use either the online convertor or the software application. ( I use the online convertor and it works well).

    http://www.bluetack.co.uk/converter/

    [If you are interested in the IANA IPv4 addresses spaces for the IANA blocks, the list is found here:

    http://www.iana.org/assignments/ipv4-address-space/]



    or the software:

    http://www.bluetack.co.uk/forums/ind...etails&f_id=61

    Using a list for .pl (poland) can be found here and later edited:

    http://www.proxyserverprivacy.com/ipaddress_range.php

    example of only one shown item from the results needed for the editing for the list to become suitable for the convertor:

    217.96.0.0 217.99.255.255

    becomes:

    Poland:217.96.0.0-217.99.255.255

    Other lists which are perfectly suitable for the convertor are found here:

    http://iblocklist.com/lists.php

    and here:

    http://blocklistpro.com/download-center/ip-filters/

    To edit the ZA's backup.xml is well described here (yes it does say the peer guardian, but the raw lists in the .xml format are suitable whether or not they are for the protowall or the peer guardian. And the ZA backup.xml format has not had any major re-write, so the technique works fine):

    http://forums.phoenixlabs.org/archiv...hp?t-2115.html

    Another alterntive web site for IP blocks for a specific country is found here (although the first url is in CIDR format and not in the IP ranges):

    http://www.ipdeny.com/ipblocks/

    and here:

    http://www.ipaddresslocation.org/ip_...get_ranges.php
    <hr>
    Okay, next suggestion.
    The "adblock plus" for the firefox should be able to use wildcards for TLDs (or however you are blocking in the Firefox, as I am a very strict Opera user and have only a little knowledge of the exact ins and outs for the Mozilla/Firefox/Gecko browsers).
    You tried *.pl .pl pl
    What about these wildcards?:
    *.*.pl.*
    *.pl.*
    *.*.pl/*
    *.pl/*

    (I think the *.pl* wildcard would be seen by the browser as block any *.pl string such as *.plough or *.plow or *.please. But I could be wrong.)

    Maybe even these would work (not sure about the exact syntax involved):

    *\.pl.*
    or
    *\.pl.*\.*
    or more than likely this one:

    /.*\.pl.*
    <hr>

    Another suggestion (yes it involves another software) is to use a desktop proxy software such as Privoxy ( I use this for my browsers and updaters, media players, etc). This works fine for all http traffic (not https or ftp or pop3, etc).
    Basically my special oldsod.action file includes this:


    ################################################## ###########################
    ### Block most of the TLDs (top leve domains) as per iana listing.
    ### The exceptions to the list are .ca, .com, .de, and a few others.
    ### Special domains of concern are .biz, .cc, .cm, .cn, .ru, .ws, etc
    ### Includes several alternative DNS roots (often referred to as alt roots)
    ### Exceptions to this list are to be added to the { -block -handle-as-image }

    {+block -handle-as-image}

    .ac
    .ad
    .ae
    .aero
    .af
    .ag
    .ai
    .al
    .am
    .an
    .ao
    .aq
    .ar
    .arpa
    .as
    .asia
    .at
    .aw
    .ax
    .az
    .ba
    .bb
    .bbs
    .bd
    .be
    .bf
    .bg
    .bh
    .bi
    .bj
    .biz
    .bm
    .bn
    .bo
    .br
    .bs
    .bt
    .bw
    .by
    .bz
    .cat
    .cc
    .cd
    .cf
    .cg
    .ch
    .cl
    .cm
    .cn
    .co
    .coop
    .cr
    .cu
    .cv
    .cx
    .cz
    .dj
    .dk
    .dm
    .do
    .dyn
    .dz
    .ec
    .ee
    .eg
    .er
    .es
    .et
    .fi
    .fj
    .fk
    .fm
    .fo
    .fr
    .free
    .ga
    .gb
    .gd
    .ge
    .gf
    .gg
    .gh
    .gi
    .gl
    .glue
    .gm
    .gn
    .gov
    .gp
    .gq
    .gr
    .gs
    .gt
    .gu
    .gw
    .gy
    .hk
    .hm
    .hn
    .hr
    .ht
    .hu
    .hu
    .id
    .ie
    .il
    .im
    .in
    .indy
    .info
    .int
    .internal
    .io
    .iq
    .ir
    .is
    .it
    .je
    .jm
    .jobs
    .jp
    .ke
    .kg
    .kh
    .ki
    .km
    .kn
    .kp
    .kr
    .kw
    .ky
    .kz
    .la
    .lb
    .lc
    .li
    .lk
    .local
    .lr
    .ls
    .lt
    .lu
    .lv
    .ly
    .ma
    .mc
    .md
    .me
    .mg
    .mh
    .mil
    .mk
    .ml
    .mm
    .mo
    .mobi
    .mp
    .mq
    .mr
    .ms
    .mt
    .mud
    .museum
    .mw
    .mw
    .my
    .mx
    .mz
    .na
    .name
    .nato
    .nc
    .ne
    .ni
    .ng
    .no
    .np
    .nr
    .nu
    .null
    .nz
    .om
    .onion
    .oss
    .pa
    .parody
    .pe
    .pf
    .pg
    .ph
    .pk
    .pl
    .pm
    .pn
    .pr
    .pro
    .ps
    .pt
    .pw
    .py
    .qa
    .re
    .ro
    .rs
    .ru
    .rw
    .sa
    .sb
    .sc
    .sd
    .se
    .sg
    .sh
    .si
    .site
    .sj
    .sk
    .sl
    .sm
    .sn
    .so
    .sr
    .st
    .su
    .sv
    .swift
    .sy
    .sz
    .tc
    .td
    .tel
    .tf
    .tg
    .th
    .tj
    .tk
    .tl
    .tm
    .tn
    .to
    .tp
    .tr
    .travel
    .tt
    .tv
    .tw
    .tz
    .ua
    .ug
    .us
    .uz
    .uy
    .uz
    .va
    .vc
    .ve
    .vg
    .vi
    .vn
    .vu
    .wf
    .ws
    ,xn
    .ye
    .yt
    .yu
    .za
    .zm
    .zw

    {-block -handle-as-image}

    .[a-z][a-z].us
    .del.icio.us
    .co.uk.
    .imageshack.us.
    www.zonealarm.com.au
    operawiki.info

    E.O.F.

    Note: the {+block -handle-as-image} means the url/header gets blocked but still leaves the option "to go there anyways" (seen in the browser). Using {+block +handle-as-image} (the - changed to +) means I would never see the Privoxy warning and the url/header would be blocked silently and I would never know why the site never loads or even realise a site was blocked by the Privoxy. But this is my own machine and I am the only user, so I keep control and not have to worry about other users mischief).
    Also the {-block -handle-as-image} is bascially a short list of exceptions to the preceding block list, thus allowing me to go smoothly/uninterupted to the domains and sites added to this exceptions list.
    <hr>

    Another approach is use a DNS server such as opendns.com
    Set the computer and/or router (if this is your dns server for the computer) for the opendns.com server, then open an account with them. Once in the account you can customize your domain name lookups - this would include both content and domains such as .pl.
    Kind of a fool proof way - nothing can be tinkered with as the dns server is blocking the connections (only work around would be knowing the exact IP numbers involved).
    <hr>

    Last but not the least, there is blocking possibility with a router/gateway.
    Usually the router will accept a list names to block from the url/header.
    I suppose the .pl would do the trick.
    Again this can be blocked silently with out the computer user really knowing the .pl domain was blocked, but this could backfire and certain sites such as .plough, .plow and .please could be inadvertantly blocked off at the same time.
    <hr>
    There you go - block different ways using different approaches.

    Oldsod.
    Best regards.
    oldsod

  5. #5
    lordpong Guest

    Default Re: Rule to block TLD

    Thank you! I chose the OpenDNS solution

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Rule to block TLD

    Have a nice weekend.
    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ZA ISS Blue Screen when adding FW rule
    By cbayes in forum General - Questions that don't fit any other category
    Replies: 1
    Last Post: May 20th, 2010, 07:16 PM
  2. Block Expert Rule
    By alejandra in forum ZoneAlarm Configuration
    Replies: 0
    Last Post: April 5th, 2009, 08:16 AM
  3. Expert Rule not Working - Block IP address.
    By zeud in forum ZoneAlarm Configuration
    Replies: 2
    Last Post: January 7th, 2008, 04:14 AM
  4. Using a firewall rule to block email domains...
    By rs9 in forum Anti-spam & Parental Controls
    Replies: 2
    Last Post: May 30th, 2006, 03:50 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •