Firewall: Restrict Access to Social Networks

Good afternoon,
could you help me by explaining how social networks are restricted with the FIREWALL in NethServer?

1 Like


Welcome to the NethServer community.
I am going to translate the original text into English, since it is the language used in this community, to better understand each other.

I’m sorry, but I can’t help you much. But I’m sure any of the NS gurus will be able to help you.
I advise you to read the following links:





1 Like

Firewall isn’t the correct place to block social media, since you want to block sites, not ports. My suggestion would be to use a proxy or, better yet, Pi-hole, or, for a complete block, set DNS records for the sites in question to point to a URL of your choice (as long as they use your DNS, with this option they will be redirected to the URL you set).


1 Like

I’m really sorry, I don’t speak Spanish.
You can also add nDPI, alongside the content filter (proxy), to the set of tools for blocking unwanted sites.


It never occurred to me that deep packet inspection could be used as a content filter, but that makes a lot of sense. A simple solution, thanks @pike.

This is why I love the NethServer community: while we may all be very intelligent on our own, when people think of different ways to fix a solution, it opens a lot of possibilities.

1 Like

nDPI, compared with content filtering or firewall rules (remember, the firewall chews IP addresses only, no hostnames), can take quite a higher toll on CPU usage, so this can be a “costly” tool.

The most important thing, after finding a functional solution, is to improve it with fewer rules (faster packet processing by the system) and accurate positioning: if a lot of different traffic is expected to be rejected, deny rules placed in a higher position can speed up packet processing a bit, because for any traffic, rules are processed sequentially until a match!
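
Added example, not part of the thread: a simplified first-match rule evaluator that counts how many rules are examined per packet, to show the effect of rule position described in the last post. The rule sets, documentation-range addresses and traffic mix are constructed for illustration; this models sequential matching on destination IP only and is not NethServer's firewall code.

```python
import ipaddress

# Constructed, non-overlapping rules: (action, destination network).
# Because no two networks overlap, reordering cannot change a verdict.
ALLOW = [("ACCEPT", "192.0.2.0/24"), ("ACCEPT", "198.51.100.0/25")]
DENY = [("REJECT", "203.0.113.0/26"), ("REJECT", "203.0.113.64/26"),
        ("REJECT", "198.51.100.128/25")]

# Constructed traffic: 8 of 10 packets go to destinations that get rejected.
TRAFFIC = (["203.0.113.10"] * 4 + ["203.0.113.70"] * 2 +
           ["198.51.100.200"] * 2 + ["192.0.2.5", "198.51.100.7"])


def compile_rules(rules):
    """Parse the network strings once, as a real rule loader would."""
    return [(action, ipaddress.ip_network(net)) for action, net in rules]


def evaluate(rules, dst, default="ACCEPT"):
    """First match wins. Returns (verdict, number of rules examined)."""
    addr = ipaddress.ip_address(dst)
    for position, (action, net) in enumerate(rules, start=1):
        if addr in net:
            return action, position
    return default, len(rules)  # fell through every rule to the policy


def run(rules, traffic):
    """Returns (list of verdicts, total rules examined for all packets)."""
    compiled = compile_rules(rules)
    results = [evaluate(compiled, dst) for dst in traffic]
    return [v for v, _ in results], sum(n for _, n in results)


def compare_orderings():
    """Same rules, two orderings: allow rules first vs deny rules first."""
    verdicts_a, cost_a = run(ALLOW + DENY, TRAFFIC)
    verdicts_b, cost_b = run(DENY + ALLOW, TRAFFIC)
    return verdicts_a == verdicts_b, cost_a, cost_b


if __name__ == "__main__":
    same, allow_first, deny_first = compare_orderings()
    print(f"verdicts identical: {same}")
    print(f"rules examined, allow rules first: {allow_first}")
    print(f"rules examined, deny rules first:  {deny_first}")
```

The saving depends entirely on the traffic mix: if most packets matched the allow rules instead, putting the deny rules first would cost more, so order rules by how often they actually match.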