PfblockerNG question on blocking WEB applications on smartphones
-
Hello everyone
I had a problem with blocking through pfBlockerNG, namely: applications on smartphones work, bypassing pfBlockerNG.
Is there a recipe for blocking web applications on pfBlockerNG?
-
These phone apps, are they even using DNS, or do they use hard coded IPs ?
You could discover that with packet capturing.
And if they use DNS, do they have their own built in (built into the app), or do they use the phone DNS?
For example, the apps could use DNS over SSL/TLS
You could discover that with packet capturing.
What is the phone DNS?
If the apps are playing it nicely, and they use the phone DNS, and the phone uses your pfSense as a DNS, then the pfSense resolver unbound is able to 'see' the DNS requests.
And thus pfblockerng-devel can 'see' them, and act upon them.
-
@gertjan Well, for example, YouTube, Instagram and Facebook are blocked in the browser, but if the user enters through the application, then the blocking does not work.
-
@shkiber said in PfblockerNG question on blocking WEB applications on smartphones:
but if the user enters through the application
True, the Youtube app doesn't use 'www.youtube.com' to connect to the web youtube server.
It uses another access - using another host name (if it uses a host name).
As said above: what is the DNS used by these apps? (If they even use DNS, and not a list with built-in IPs.)
You don't have the source code of the apps, I get it.
There is only one way to find out: packet capture the device, see if it emits DNS requests when you start the app.
-
@gertjan Is Wireshark suitable for this purpose?
-
"Wireshark" is a tool that permits you to see Ethernet packets.
The nice thing is: you can filter "from what" device to "what device", what protocol is used (TCP or UDP), what source and destination port, etc.
You'll be seeing the packet, for example the initial DNS request from a device, and the answer coming back.
As a filter, set up the IPv4 (and/or IPv6!) of the device, and destination port "53".
I don't want to be silly, but Wireshark can't help you if you don't know the basics of Ethernet (packets).
-
How can I capture the device with a packet to see the requests?
-
@shkiber said in PfblockerNG question on blocking WEB applications on smartphones:
how can i capture the device with a packet to see the requests
?
Use the packet capture function, under Diagnostics.
-
@gertjan Good afternoon, I found a solution: if you add DNS youtubei.googleapis.com in DNSBL, then the application on smartphones also gets blocked. Thank you very much for your help.
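-
The check this thread arrives at, as an added example that is not part of any post above: read the DNS question names out of captured port 53 payloads, list the ones the block list does not cover, and count packets sent to port 853 (DNS over TLS), which the resolver cannot see. The function names, the sample block list and the sample packets are constructed for illustration, and the subdomain matching rule is an assumption, not a statement of how pfBlockerNG matches.

```python
import struct

def build_query(name):
    """Build a minimal DNS A query (constructed sample input, not a real capture)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(payload):
    """Return the first question name of a raw DNS message (a port 53 UDP payload)."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("no DNS header or no question")
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length & 0xC0 or pos + length > len(payload):
            raise ValueError("compressed or truncated label")
        labels.append(payload[pos:pos + length].decode("ascii").lower())
        pos += length
    raise ValueError("name runs past the end of the packet")

def is_listed(name, blocklist):
    """Assumed matching rule: a listed domain also covers its subdomains."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def review_capture(packets, blocklist):
    """packets: (dst_port, payload). Returns (unlisted names, port 853 packet count)."""
    unlisted, dot_packets = set(), 0
    for dst_port, payload in packets:
        if dst_port == 853:          # DNS over TLS: the resolver never sees these names
            dot_packets += 1
        elif dst_port == 53:
            try:
                name = parse_qname(payload)
            except ValueError:       # not a parseable query, skip it
                continue
            if not is_listed(name, blocklist):
                unlisted.add(name)
    return sorted(unlisted), dot_packets

# Constructed sample: a block list of the browser-facing domains and five captured packets.
BLOCKLIST = {"youtube.com", "instagram.com", "facebook.com"}
CAPTURE = [(53, build_query("www.youtube.com")), (53, build_query("youtubei.googleapis.com")),
           (53, build_query("YouTubei.GoogleAPIs.com")), (53, b"\x00\x01"),  # mixed case; truncated
           (853, b"\x16\x03\x01\x02\x00")]  # first bytes of a TLS record
```

Names returned by `review_capture` are candidates for the DNSBL; a non-zero port 853 count means some lookups bypass the resolver and DNS-based blocking alone will not cover them.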