First, welcome to the IPFire community.
Second, blocking domain names is tricky if your client does not use a web proxy (which is most probably going to work in case Discord is accessed via a common web browser, however, I would be surprised to hear a Discord smartphone app being able to deal with proxies): For security reasons, IPFire does not support firewall rules based on FQDNs, since this opens up a large attack surface in case that FQDN is not DNSSEC-signed or the domain owner bypasses restrictions by propagating certain IPs.
discord.com seems to be hosted on dedicated IPs within AS13335 (Cloudflare, Inc.):
user@machine:~> dig +short a discord.com
As long as this setup stays that way, you might want to drop HTTP(S) traffic to those IP addresses from your son’s device within a certain timeframe. This breaks if:
- discord.com moves to new IP addresses,
- those IPs become shared ones so blocking them entirely causes too much collateral damage to legitimate web sites,
- Discord services (i. e. for app communication) are hosted somewhere else.
For further information regarding firewall rules, please refer to the corresponding documentation. IPFire’s web proxy and its capabilities are documented here.
Thanks, and best regards,
P.S.: To my surprise, discord.com is even DNSSEC-signed:
user@machine:~> dig soa discord.com
; <<>> DiG 9.11.2 <<>> soa discord.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63771
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;discord.com. IN SOA
;; ANSWER SECTION:
discord.com. 3600 IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 2035173740 10000 2400 604800 3600
;; Query time: 216 msec
;; SERVER: 10.xxx.xxx.xxx#53(10.xxx.xxx.xxx)
;; WHEN: Sat Sep 19 10:22:28 CEST 2020
;; MSG SIZE rcvd: 99
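
The two checks the post above relies on, as an added example that is not part of the original post: whether a `dig` answer carries the `ad` flag, and whether the addresses a name currently resolves to are still covered by an IP-based block rule. The function names are hypothetical and the address lists are constructed from documentation ranges; only the flags line is taken from the post's output.

```shell
#!/bin/sh
# Added example: checks run on saved dig output, so it works offline.

# Flags line copied from the dig output in the post.
SAMPLE_HEADER=';; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed sample data (RFC 5737 documentation addresses, not Discord's).
BLOCKED='192.0.2.10
192.0.2.11'
CURRENT='192.0.2.10
198.51.100.7
cdn.example.net.'

# has_ad_flag: read dig output on stdin; succeed only if the header's flags
# field contains the token "ad" (the resolver validated the answer).
has_ad_flag() {
    awk '/^;; flags:/ {
             sub(/^;; flags:/, ""); sub(/;.*/, "")
             n = split($0, f, " ")
             for (i = 1; i <= n; i++) if (f[i] == "ad") found = 1
         }
         END { exit (found ? 0 : 1) }'
}

# unblocked_ips BLOCKED CURRENT: print every IPv4 address in CURRENT
# ("dig +short a" output) that is missing from BLOCKED (the rule's addresses).
unblocked_ips() {
    printf '%s\n' "$2" | while IFS= read -r ip; do
        case $ip in ''|*[!0-9.]*) continue ;; esac   # skip blanks and CNAME lines
        printf '%s\n' "$1" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
    done
}

if printf '%s\n' "$SAMPLE_HEADER" | has_ad_flag; then
    echo "DNSSEC: ad flag set by the resolver"
else
    echo "DNSSEC: answer not validated"
fi
new=$(unblocked_ips "$BLOCKED" "$CURRENT")
if [ -n "$new" ]; then
    echo "addresses not covered by the block rule:"
    echo "$new"
fi
```

The `ad` flag only says that the resolver you queried validated the answer, so it is meaningful only when that resolver and the path to it are trusted.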