Block Discord during certain hours

Security Firewall Rules
1

Forgive me if this has been covered… I didn’t find it in searching (honest, I did try).

Does anyone have firewall rules to block Discord for certain periods of time. My son is now doing virtual learning and I want to shutdown his discord access when he should be focusing on school. I’ve googled and nobody really seems to have a decent answer other than “block the domain names.”

2

“block the domain names.”
That sounds right. :frowning:
Hard to block something you can run in a browser tab. port 443

3

Hi,

first, welcome to the IPFire community. :slight_smile:

Second, blocking domain names is tricky if your client does not use a web proxy (which is most probably going to work in case Discord is accessed via a common web browser, however, I would be surprised to hear a Discord smartphone app being able to deal with proxies): For security reasons, IPFire does not support firewall rules based on FQDNs, since this opens up a large attack surface in case that FQDN is not DNSSEC-signed or the domain owner bypasses restrictions by propagating certain IPs.

discord.com seems to be hosted on dedicated IPs within AS13335 (Cloudflare, Inc.):

user@machine:~> dig +short a discord.com
162.159.137.232
162.159.138.232
162.159.136.232
162.159.128.233
162.159.135.232

As long as this setup stays that way, you might want to drop HTTP(S) traffic to those IP addresses from your son’s device within a certain timeframe. This breaks if:

  • discord.com moves to new IP addresses,
  • those IPs become shared ones so blocking them entirely causes too much collateral damage to legitimate web sites,
  • Discord services (i. e. for app communication) are hosted somewhere else.

For further information regarding firewall rules, please refer to the corresponding documentation. IPFire’s web proxy and its capabilities is documented here.

Thanks, and best regards,
Peter Müller

P.S.: To my surprise, discord.com is even DNSSEC-signed:

user@machine:~> dig soa discord.com

; <<>> DiG 9.11.2 <<>> soa discord.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63771
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;discord.com.			IN	SOA

;; ANSWER SECTION:
discord.com.		3600	IN	SOA	gabe.ns.cloudflare.com. dns.cloudflare.com. 2035173740 10000 2400 604800 3600

;; Query time: 216 msec
;; SERVER: 10.xxx.xxx.xxx#53(10.xxx.xxx.xxx)
;; WHEN: Sat Sep 19 10:22:28 CEST 2020
;; MSG SIZE  rcvd: 99
1 Like