Netgate Discussion Forum

    How to block hostnames

    Mueller

      Hello,

      I'm very new to pfSense. I've used the search function and found some topics regarding my issue, but sadly all of them were discussed by expert users and therefore lack details.
      I just wanted to know how I can block a hostname or a list of hostnames for example:

      vortex.data.microsoft.com
      vortex-win.data.microsoft.com
      telecommand.telemetry.microsoft.com
      telecommand.telemetry.microsoft.com.nsatc.net
      oca.telemetry.microsoft.com
      oca.telemetry.microsoft.com.nsatc.net
      sqm.telemetry.microsoft.com
      sqm.telemetry.microsoft.com.nsatc.net
      watson.telemetry.microsoft.com
      

      I've downloaded pfBlockerNG, opened the menu and gone to the IPv4 tab.
      Then I added a new rule; on List action I selected "Deny both". At the bottom, at IPv4 Custom list, I entered a test hostname and clicked on save.
      Then on the pfBlockerNG main window I enabled pfBlockerNG.
      However, when I ping google.de it still responds.

      Can anyone tell me where exactly I can enter hostnames to block?

        johnpoz LAYER 8 Global Moderator

        Doesn't look like you have selected any interfaces to apply the rules to.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          doktornotor Banned

          Blocking the first two will break Windows Updates. Waste of time.

            Mueller

            @doktornotor:

            Blocking the first two will break Windows Updates. Waste of time.

            My question was how to block hostnames (in general), not whether what I'm doing is a waste of time or not.

              doktornotor Banned

              0/ As noted above, you didn't select any interfaces to apply the rules on.
              1/ Even if you did, this won't work unless you use DNS instead of pfBNG.
              2/ This will break your Windows updates.
              3/ Waste of time. If you have W7/8.1, simply remove the updates with the bundled shit. If you have W10, then simply do NOT use it.

                johnpoz LAYER 8 Global Moderator

                You know how I would block host names. I create an alias and put in the host names and then use that rule to block.

                  Harvy66

                  Instead of blocking IP addresses, why not place an invalid DNS entry in the DNS server? I do this with Ad servers all the time. IPs can change at any time, but if DNS doesn't work, no way around that.

                  Of course if the target DNS server was not your server for some reason, you'll need to block LAN to Internet DNS queries.

                    johnpoz LAYER 8 Global Moderator

                    Yup, that is a sure way: point whatever you don't want people to go to at 127.0.0.1.

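The DNS approach from the last two posts, as an added example that is not part of the original thread: a script that turns a hostname list into resolver overrides answering with 127.0.0.1. It assumes the firewall's resolver is Unbound and emits its `local-data` syntax; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: build Unbound overrides that answer listed names with a sinkhole IP.
SINK_IP="127.0.0.1"   # address suggested in the thread

# is_hostname NAME: succeed only for a syntactically valid, lower-case DNS name
# whose last label starts with a letter (so IPv4 literals are rejected). This
# keeps quotes, spaces or extra directives in the list out of the resolver config.
is_hostname() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq \
      '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'
}

# unbound_blocklist: read one hostname per line on stdin ('#' comments, blank
# lines, mixed case and a trailing dot are tolerated), drop duplicates, write
# the config on stdout and report rejected entries on stderr.
unbound_blocklist() {
    echo "server:"
    tr '[:upper:]' '[:lower:]' | tr -d '\r' |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//' |
    awk 'NF && !seen[$0]++' |
    while IFS= read -r name; do
        if is_hostname "$name"; then
            printf 'local-data: "%s A %s"\n' "$name" "$SINK_IP"
        else
            printf 'skipped invalid entry: %s\n' "$name" >&2
        fi
    done
}

# Constructed sample input; the valid hostnames are taken from the first post.
sample_list() {
cat <<'EOF'
# telemetry hosts to sinkhole
vortex.data.microsoft.com
Vortex.Data.Microsoft.com
oca.telemetry.microsoft.com.nsatc.net.
bad"entry.example
EOF
}

sample_list | unbound_blocklist
```

Each override matches only the exact name listed, which is why the thread's list carries the `.nsatc.net` variants as separate entries.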
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.