Netgate Discussion Forum

How to block facebook.com in pfSense?

    valerica
    last edited by Oct 1, 2021, 9:13 PM

    I'm using pfSense on a Netgate SG-5100. It has Internet connection just fine. All I'm trying to do is block one single site: facebook.com. And I need to block it by domain name, not IP addressing.

    I've been trying for weeks with pfBlockerNG. I was putting facebook.com in the TLD Blacklist. This might not be right though since facebook.com is a second-level domain, whereas "com" is the TLD.

    Eventually, I got as far as blocking all .com sites but still being able to visit .org and .gov sites. That wasn't what I wanted but at least something was working. Then I changed one little thing and it stopped working, and I haven't been able to make it work again.

    Today I tried to block facebook.com with Squid and SquidGuard. I added it as a 'target category' and in 'common ACL'. It's doing nothing and I can't make heads or tails of it. Maybe the way I changed DNS settings for pfBlockerNG doesn't work with SquidGuard?

    It seems like all the relevant guides are years old, from when configuration options were different. How does one block facebook.com on pfSense?

      SteveITS Galactic Empire @valerica
      last edited by Oct 1, 2021, 9:48 PM

      @valerica If pfSense is DNS for your network, on the DNS Resolver page add a Host Override for "facebook.com" pointing to 127.0.0.1 or some fake IP.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

        valerica @SteveITS
        last edited by Oct 3, 2021, 7:17 PM

        @steveits Thank you for replying. I restored everything to defaults and configured it with your suggestion. In general setup, I set it to use local and ignore remote DNS. Then I added the following as a host override:

        Host: facebook
        Parent domain of host: facebook.com
        Return IP address: 127.0.0.1

        It's still allowing access to facebook.com. Am I missing something?

          SteveITS Galactic Empire @valerica
          last edited by Oct 3, 2021, 8:53 PM

          @valerica "nslookup facebook.com" and see if it's resolving to 127.0.0.1. If it does, it's being overridden OK, but it could be the browser using DNS over HTTP (DoH) which you'd need to turn off or block. I couldn't get pfBlockerNG-devel to block it via the settings in the package so I ended up enabling the "TheGreatWall_DoH_IP" feed and just blocking it that way. It can be turned off in browsers also. Firefox has a domain that can be set up (via Domain Override in pfSense): https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet.

            Gertjan @valerica
            last edited by Oct 4, 2021, 7:27 AM

            @valerica said in How to block facebook.com in pfSense?:

            Host: facebook
            Parent domain of host: facebook.com
            Return IP address: 127.0.0.1

            This means:
            facebook.facebook.com will return 127.0.0.1.

            Did you check that? (nslookup, dig etc)
            Do you want that?

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??
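
The check both replies ask for, as an added example that is not from any poster in this thread: it builds the name a Host Override actually answers for from its Host and Parent domain fields, then asks the pfSense resolver directly whether a name returns only the override address. `RESOLVER` (192.168.1.1 is a placeholder), `SINK`, the function names, and the treatment of a blank Host field as the bare domain are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: pfSense answers DNS on
# RESOLVER (192.168.1.1 is a placeholder) and SINK is the override address.
RESOLVER="${RESOLVER:-192.168.1.1}"
SINK="${SINK:-127.0.0.1}"

# Name a Host Override answers for, built from its two form fields:
# "<host>.<domain>", or just "<domain>" when Host is left blank (assumed allowed).
override_fqdn() {
    if [ -n "$1" ]; then
        printf '%s.%s\n' "$1" "$2"
    else
        printf '%s\n' "$2"
    fi
}

# Query the pfSense resolver directly so a client-side DoH setting or another
# configured DNS server cannot mask the result. Prints dig's short answers.
resolve() {
    dig +short A "$1" @"$RESOLVER"
}

# is_blocked NAME: succeeds only if NAME has A records and all of them are SINK.
is_blocked() {
    # Keep IPv4 lines only; dig +short also prints CNAME targets.
    answers=$(resolve "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    [ -n "$answers" ] || return 1
    [ -z "$(printf '%s\n' "$answers" | grep -vxF "$SINK")" ]
}

# report NAME...: one line per name, "BLOCKED" or "NOT-BLOCKED".
report() {
    for name in "$@"; do
        if is_blocked "$name"; then
            echo "$name BLOCKED"
        else
            echo "$name NOT-BLOCKED"
        fi
    done
}

# Usage after sourcing this file:
#   report "$(override_fqdn facebook facebook.com)" facebook.com www.facebook.com
```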

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.