Netgate Discussion Forum

    Users accessing blocked website by entering DNS!

    DHCP and DNS

      pankajpomal

      Hey..
      In my network, users can access many secured websites by entering DNS 8.8.8.8 / 4.2.2.2.
      Can you tell me how to not allow them to bypass my firewall?

        doktornotor Banned

        Stop multiposting.

        https://forum.pfsense.org/index.php?topic=93001

          johnpoz LAYER 8 Global Moderator

          Yeah, don't allow outbound on DNS UDP/TCP 53..  It's really that simple!

          Use a proxy with content filtering as the only thing outbound from your network.  Doesn't matter if they can look up sites then, no matter what site they want to go to they have to ask the proxy to go get it, etc.  Which uses your control list.

            NOYB

            Well, you could block access to non-approved DNS servers with a firewall rule to force them to use only your approved DNS servers (Interface: LAN, Action: Block, Proto: TCP/UDP, Destination: !DNS_Approved_Servers, Port: 53).

            Though that approach won't block or prevent access to any web sites.  Users can just look up the address somewhere else and add an entry for it to their hosts file.

            Like John said, you're probably looking at a proxy to do this or some other means of site filtering.

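One way to check from the firewall log that the port 53 block rule described above is catching lookups to outside resolvers such as 8.8.8.8 / 4.2.2.2, as an added example that is not from any poster in this thread. It assumes logging is enabled on the relevant rules, the pfSense filterlog IPv4 CSV field order, a LAN interface named igb1 and an approved resolver at 192.168.1.1; the log lines are constructed.

```python
import csv
import ipaddress

# Assumption: resolvers the LAN may query (hypothetical address).
APPROVED_DNS = {ipaddress.ip_address("192.168.1.1")}

# Constructed filterlog payloads (IPv4), not taken from the thread.
SAMPLE_LOG = """\
5,,,1000000103,igb1,match,block,in,4,0x0,,64,4660,0,DF,17,udp,56,192.168.1.10,8.8.8.8,51234,53,36
5,,,1000000103,igb1,match,block,in,4,0x0,,64,4661,0,DF,6,tcp,60,192.168.1.11,4.2.2.2,40112,53,0,S,1234567,,64240,,mss
7,,,1000000104,igb1,match,pass,in,4,0x0,,64,4662,0,DF,17,udp,56,192.168.1.10,192.168.1.1,51235,53,36
7,,,1000000105,igb1,match,pass,in,4,0x0,,64,4663,0,DF,6,tcp,60,192.168.1.10,203.0.113.7,40113,443,0,S,7654321,,64240,,mss
9,,,1000000106,igb1,match,pass,in,4,0x0,,64,4664,0,DF,17,udp,56,192.168.1.12,8.8.8.8,51236,53,36
"""


def unapproved_dns(log_text, approved=APPROVED_DNS, lan_if="igb1"):
    """Return (src, dst, proto, action) for LAN DNS traffic to unapproved resolvers."""
    hits = []
    for row in csv.reader(log_text.splitlines()):
        # Only the IPv4 layout is handled; a UDP entry has 23 fields.
        if len(row) < 23 or row[8] != "4":
            continue
        iface, action, direction = row[4], row[6], row[7]
        proto, src, dst, dport = row[16], row[18], row[19], row[21]
        if iface != lan_if or direction != "in" or proto not in ("tcp", "udp"):
            continue
        if dport == "53" and ipaddress.ip_address(dst) not in approved:
            hits.append((src, dst, proto, action))
    return hits


def rule_gaps(hits):
    """Clients whose unapproved DNS was passed, i.e. the block rule did not match first."""
    return sorted({src for src, _dst, _proto, action in hits if action == "pass"})


if __name__ == "__main__":
    found = unapproved_dns(SAMPLE_LOG)
    for src, dst, proto, action in found:
        print(f"{action:5} {proto} {src} -> {dst}:53")
    print("clients bypassing the block rule:", rule_gaps(found))
```

A client listed by `rule_gaps` usually means a pass rule sits above the block rule on the LAN tab. As noted in the post above, a clean result only covers port 53 lookups, not hosts-file entries.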
              killmasta93

              If you really want to piss them off, use a transparent proxy  ;D for HTTP

              and pfBlockerNG to block HTTPS (use the Hurricane list to find the IPs of the sites using HTTPS)

              Tutorials:

              https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials
