Block a domain - Apple Private Relay

SOLVED
RumorConsumer
Head in the Cloud

Block a domain - Apple Private Relay

Apples new Private Relay technology looks good and one of the things they say you can do is block it on your network if you want. Brings up an interesting question - how do you block clients from accessing certain IPs or DNS lookup? My sense is maybe you can do it by VLAN or group policy? Is that how? Using cloudflare DNS servers. Ok hip me up.

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
1 ACCEPTED SOLUTION

Accepted Solutions
CptnCrnch
Kind of a big deal

Re: Block a domain - Apple Private Relay

6 REPLIES 6
KarstenI
Head in the Cloud

Re: Block a domain - Apple Private Relay

I would expect that the relevant sites will end up in the "Proxy Avoidance and Anonymizers" category when the feature is eventually established.

RumorConsumer
Head in the Cloud

Re: Block a domain - Apple Private Relay

But let’s say i wanted to block Facebook.com. How would i do that

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
CptnCrnch
Kind of a big deal

Re: Block a domain - Apple Private Relay

RumorConsumer
Head in the Cloud

Re: Block a domain - Apple Private Relay

Ah very good. Thank you.

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
KarstenI
Head in the Cloud

Re: Block a domain - Apple Private Relay

I don't think that it will be that easy as the MX will not see the request. Same as with Tor, either we block the ingress-nodes or we are blind for the communication.

RumorConsumer
Head in the Cloud

Re: Block a domain - Apple Private Relay

@KarstenI Yes I think that’s the advice that they gave. To block the ingress node address

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.