Netgate Discussion Forum

    Using pfblockerNG for blocking facebook and google

      security_paranoid

      Hi,
      I have installed and configured pfBlockerNG. It's working great, no more ads, but I also want to block Facebook and Google.

      How do I do that?

      Just a quick question: if I block Google, will Gmail get blocked too?

        BBcan177 Moderator

        To block DNS resolution to those domains, you can add them to a DNSBL Customlist. If you don't use TLD, then you will need to add all of the subdomains that you want to block… ie: (example.com, www.example.com, www.sub.example.com, sub.example.com )

        To block via IP, you will need to find the ASN number and add that to the IPv4/6 Tabs using the "Whois" Source option.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          security_paranoid

          @BBcan177:

          To block DNS resolution to those domains, you can add them to a DNSBL Customlist. If you don't use TLD, then you will need to add all of the subdomains that you want to block… ie: (example.com, www.example.com, www.sub.example.com, sub.example.com )

          To block via IP, you will need to find the ASN number and add that to the IPv4/6 Tabs using the "Whois" Source option.

          Where is the DNSBL customlist? Please give me a screenshot.

            BBcan177 Moderator

            DNSBL FEEDS > Add a new Group (or use an existing Group) > Scroll to bottom of page and click the "+" to open the DNSBL Custom List. Click on the Blue InfoBlock Icons for help text.

              security_paranoid

              @BBcan177:

              DNSBL FEEDS > Add a new Group (or use an existing Group) > Scroll to bottom of page and click the "+" to open the DNSBL Custom List. Click on the Blue InfoBlock Icons for help text.

              Thanks a lot for your reply.
              I have added a rule to block Google but it's not working. I can still open Google. Please see attachment.

              DNSBL.png

                teh g

                You need to add all the variants that Google uses: google.com, www.google.com, subdomain.google.com, etc.

                  security_paranoid

                  @teh:

                  You need to add all the variants that Google uses: google.com, www.google.com, subdomain.google.com, etc.

                  I added

                  www.google.com
                  www.google.co.in
                  www.facebook.com
                  m.facebook.com
                  

                  but still I can open Google and Facebook.

                    BBcan177 Moderator

                    Enable the TLD option and run a Force Reload DNSBL which will block all sub-domains.

                      security_paranoid

                      @BBcan177:

                      Enable the TLD option and run a Force Reload DNSBL which will block all sub-domains.

                      Done. Still not blocking. Please see attachment.

                      tld.png
                      dnsbl.png

                        BBcan177 Moderator

                        Just enter

                        google.com
                        facebook.com
                        

                        Then TLD will block all sub-domains… When you enter a sub-domain like "www.facebook.com", it will only block that domain and not any other sub-domain.

                        Will need a Force Reload -DNSBL for the changes to take effect (Plus a clear of your browser cache)

                          security_paranoid

                          @BBcan177:

                          Just enter

                          google.com
                          facebook.com
                          

                          Then TLD will block all sub-domains… When you enter a sub-domain like "www.facebook.com", it will only block that domain and not any other sub-domain.

                          Will need a Force Reload -DNSBL for the changes to take effect (Plus a clear of your browser cache)

                          Done. It's working. Thanks a lot.

                            motific

                            It looks like you got there but it depends on what you want to block…  I did a bit of an experiment to block google, really to test their claim that you could choose not to use their services more than anything and the big problem you will have is that you just don't know what sites (that aren't google) rely on their services.  The short version is that you can't, or to do so would be a huge undertaking, certainly beyond a simple block.

                            If you really want to block them you can block their IP range and their DNS servers, but even I, who make a conscious effort to avoid them, couldn't actually get anything done. The amount of data that they can mine just from googleapis.com and googlefonts.com for example must be astronomical even if you block the search, ads, and analytics domains.

                              security_paranoid

                              @motific:

                              It looks like you got there but it depends on what you want to block…  I did a bit of an experiment to block google, really to test their claim that you could choose not to use their services more than anything and the big problem you will have is that you just don't know what sites (that aren't google) rely on their services.  The short version is that you can't, or to do so would be a huge undertaking, certainly beyond a simple block.

                              If you really want to block them you can block their IP range and their DNS servers, but even I, who make a conscious effort to avoid them, couldn't actually get anything done. The amount of data that they can mine just from googleapis.com and googlefonts.com for example must be astronomical even if you block the search, ads, and analytics domains.

                              Despite blocking Facebook I still find Linux's firewall (ufw) blocking 31.13.70.7 which is xx-fbcdn-shv-01-lax3.fbcdn.net. http://31.13.70.7.ipaddress.com/.

                                motific

                                I still find Linux's firewall (ufw) blocking 31.13.70.7

                                Linux has nothing to do with pfSense (and if it did I would stop using it immediately).  What are you trying to achieve and what is (and is not) working?

                                  security_paranoid

                                  @motific:

                                  I still find Linux's firewall (ufw) blocking 31.13.70.7

                                  Linux has nothing to do with pfSense (and if it did I would stop using it immediately).  What are you trying to achieve and what is (and is not) working?

                                  Read this thread and you will understand. https://forum.pfsense.org/index.php?topic=129740.0

                                    motific

                                    If I read the thread so far correctly, you are in a position that you have added DNS blackholes for facebook.com and google.com, but are unhappy that the domain fbcdn.net and traffic to facebook's IP space are not blocked when you expected them to be.

                                    The behaviour you're seeing is correct for the configuration you have so far, if you want other domains blocked (like fbcdn.net) then you need to block them in your list as you have done for the other domains.  Many other domains for both facebook and google will also not be blocked (for example youtube.com even though it is part of google).

                                    Even when you block the DNS request pfSense will not stop traffic going to IP addresses directly (for example pinging 31.13.70.7 would still work).  To block traffic entirely you would need to add their domain/AS numbers to IP4 & IP6 lists (Google are AS15169 and facebook are AS32934) and tick the 'domain/AS' box.  I can't remember if you need to include AS prefix as part of the number or not, I'm sure someone will be able to confirm that for you.

                                    1 Reply Last reply Reply Quote 0
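
The list-matching behaviour worked out in this thread, as an added example that is not part of any post and is not pfBlockerNG's own code: a small Python model of a DNSBL custom list with and without the TLD option, run over destinations named in the thread. It assumes TLD extends each entry to every name beneath it; `mail.google.com` and `notfacebook.com` are constructed test names.

```python
import ipaddress

def normalize(name):
    """Lower-case and drop the trailing root dot so entries compare cleanly."""
    return name.strip().lower().rstrip(".")

def dnsbl_verdict(dest, custom_list, tld_enabled):
    """Model of the behaviour described in the thread (not pfBlockerNG code).

    Returns 'blocked', 'allowed', or 'no-dns' for a destination a client uses.
    """
    try:
        ipaddress.ip_address(dest)
        return "no-dns"          # literal IP: no lookup happens, DNSBL never sees it
    except ValueError:
        pass
    qname = normalize(dest)
    for entry in map(normalize, custom_list):
        if qname == entry:
            return "blocked"     # exact match works with or without TLD
        # Assumed TLD semantics: also match sub-domains, on a label boundary only
        if tld_enabled and qname.endswith("." + entry):
            return "blocked"
    return "allowed"

def audit(destinations, custom_list, tld_enabled):
    """Map each destination to its verdict so gaps in the list are visible."""
    return {d: dnsbl_verdict(d, custom_list, tld_enabled) for d in destinations}

# Constructed sample: names from the thread plus two constructed ones.
DESTINATIONS = [
    "google.com", "www.google.com", "mail.google.com", "m.facebook.com",
    "xx-fbcdn-shv-01-lax3.fbcdn.net", "youtube.com", "notfacebook.com",
    "31.13.70.7",
]
SUBDOMAIN_ENTRIES = ["www.google.com", "www.google.co.in",
                     "www.facebook.com", "m.facebook.com"]
APEX_ENTRIES = ["google.com", "facebook.com"]

if __name__ == "__main__":
    for label, entries, tld in [
        ("sub-domain entries, TLD on", SUBDOMAIN_ENTRIES, True),
        ("apex entries, TLD off", APEX_ENTRIES, False),
        ("apex entries, TLD on", APEX_ENTRIES, True),
    ]:
        print(label)
        for dest, verdict in audit(DESTINATIONS, entries, tld).items():
            print(f"  {dest:34} {verdict}")
```

Anything reported as `allowed` needs its own list entry, and anything reported as `no-dns` can only be stopped by an IP or ASN rule, as the last post describes.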
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.