Block https
-
Thank you so much if you can just send me a screen shot
-
I actually did three rules… see the ones with "53 (DNS)"...
 -
Hello
I seem to have figured out how to read in various forums that I need to activate OpenDNS, or better to make a profile on OpenDNS and record my public IP, my company has a static IP so I have no problem in registering an account on OpenDNS …. but before doing so I arose a doubt, all the traffic of my public IP and therefore my company will go before the OpenDNS servers that will apply filters and then I will see the desired web page ... my doubt is all slow in navigation? taking into account that the clients of my company are about 500?
hello and thank you very much
-
Only the DNS requests go to OpenDNS (instead of to your ISP DNS server, or Google DNS 8.8.8.8 8.8.4.4 or wherever you got DNS before).
Once the pfSense has resolved the name to an address using OpenDNS, it gives it to the LAN client/s which then access the requested site by the IP address. That's how DNS works ;)
If you do like the rules posted above, which stop clients being able to set some DNS server themselves, then they can only get DNS resolution from pfSense and OpenDNS.
Then you setup your account in OpenDNS, and your filtering rules/categories. And OpenDNS returns some address of a block page for sites that you decided to block.
Users can get around this if they know the actual IP address of the site - they type it directly into their browser. But these days most sites of any use, and the ones you want to block, have so many links to other things on different servers that it is no longer practical for anyone to work just by IP addresses! -
Hello
I seem to have figured out how to read in various forums that I need to activate OpenDNS, or better to make a profile on OpenDNS and record my public IP, my company has a static IP so I have no problem in registering an account on OpenDNS …. but before doing so I arose a doubt, all the traffic of my public IP and therefore my company will go before the OpenDNS servers that will apply filters and then I will see the desired web page ... my doubt is all slow in navigation? taking into account that the clients of my company are about 500?
hello and thank you very much
OpenDNS is definitely an easy way to accomplish what you want… and as Phil pointed out, the only traffic that goes there is to port 53 for DNS resolution.
As I said before... there are also a couple of other options.
1.) You could enter the addresses you want to "block" as "overrides" on the DNS page. just make the override go to some bogus address.
2.) You could also setup your own DNS server (unbound is available as a package). You would block/redirect in the DNS server settings. -
Hello would you give me more info to try to achieve these two options that you said?
thank you very much
-
There's not much else I can tell you… for option #1, it is right on the bottom of the DNS forwarder page.
For option #2 you would need to install the "Bind" package from the list of packages. I'm not an expert on how to setup "Bind", but I know you can have it forward resolution requests to another site/page.
-
ok thanks
if I wanted to follow option 1 what should I do? could you give me more details? that is not clear to me where is the page of the dns forwardthanks
-
Services/DNS Forwarder on the GUI… Bottom of the page has a spot where you can enter overrides.
-
You could give me a hand? Case ever with the screen shots
thank you very much