Can anyone help me block mobile application like facebook, youtube, & other IM

VirtualBob · Mar 12, 2017, 11:27 AM

Hey,

I managed to do this using SquidGuard.

https://doc.pfsense.org/index.php/SquidGuard_package

You will also need to downlaod a white/blacklist and upload it.

Then there is some monitoring to do and check through logs to add anything that slips past.

Other way to do it is block everything by default and only allow what matches WAN ip addresses that you want.

Ive not been playing with pfSense for long but hope that helps move things forwards.

jesense · Mar 12, 2017, 12:22 PM

Thank you Virtual bob i will try this…

stephenw10 · Mar 12, 2017, 4:36 PM

That will only filter http/https traffic though so not message traffic at least in some cases.

You might also try using DNS-BL from the pfBlocker package to block domains at the DNS level which obviously works for all protocols but not if apps have hard coded IPs.

Steve

jesense · Mar 13, 2017, 4:29 AM

Can you help me to configure the pfblocker? im new to pfsense. . please

pfBasic · Mar 14, 2017, 4:40 PM

@jesense:

Can you help me to configure the pfblocker? im new to pfsense. . please

pfBlockerNG has really great info built into the package, just click on the info panes and read for basic setup.

Here are some additional posts to get you started:
https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943

What you are trying to accomplish goes beyond the basic setup. You'll need to poke around the forums to learn how to do what you need, but it's all laid out very well. Pay extra attention to posts by BBCan177, pfBNG is his.

Once you've got pfBNG up and running with a basic configuration, check out this thread and the posts it links to. It's focused on blocking porn but you can use the same methods and lists to accomplish your goals.
https://forum.pfsense.org/index.php?topic=125863.0

pfBasic · Mar 14, 2017, 4:45 PM

Out of curiosity I'm wondering if it would be possible to somehow hack the Traffic Shaper to effectively block IM services. It allows you to specify services, could you go into a config file or something and limit those services to 0 throughput?

Just a thought, I'd be interested in hearing the thoughts of someone smart on this!

marvosa · Mar 15, 2017, 3:42 PM

Is is possible to leverage some existing tools and packages to accomplish what you want… maybe... but you'll be chasing 10's of thousands of IP's, it'll eat up a bunch of time and will be a management nightmare.

The more straight forward approach is to implement a UTM inline with your network.

Chrismallia · Mar 15, 2017, 4:13 PM

marvosa is right. I never found a mature way of doing this type of blocking in pf

If you really need this throw in untangle as a bridge install application control and just tick what you want to block

stephenw10 · Mar 15, 2017, 6:09 PM

One possibility is to use OpenAppID in Snort. You can block with that if a signature exists for the app you want. I'm unsure about marking traffic for shaping using that. It's relatively new in the package.

Steve

Chrismallia · Mar 15, 2017, 6:44 PM

@stephenw10:

One possibility is to use OpenAppID in Snort. You can block with that if a signature exists for the app you want. I'm unsure about marking traffic for shaping using that. It's relatively new in the package.

Steve

This looks worth checking out

Presbuteros · May 18, 2021, 9:52 AM

@pfBasic:

pfBlockerNG has really great info built into the package, just click on the info panes and read for basic setup.

I second pfBasic. pfBlockerNG is a great tool to add to your pfSense install.

I just confirmed that you can block WhatsApp with pfBlockerNG by adding an IPv4 list. Once pfBlockerNG is installed and running navigate to Firewall>pfBlockerNG>IPv4. Click Add.

Alias Name: WhatsApp Block List

List Description: Blocking WhatsApp

Source:

https://www.whatsapp.com/cidr.txt

Header Label: WhatsApp

List Action: Deny Both

Update Frequency: Once a day

Click "Save"

Navigate to Firewall>pfBlockerNG>Update.

Click "Run"

Navigate to Diagnostics>States>Reset States

Check "Reset the firewall state table" and click "Reset"

You must reset the States or the settings will not take place.

Aziz Rahman · May 18, 2021, 9:52 AM

@presbuteros thank you for your nice comment, can you please tell us how to block youtube,facebook and other mobile applications?

lcbbcl · May 18, 2021, 11:31 AM

@aziz-rahman said in Can anyone help me block mobile application like facebook, youtube, & other IM:

@presbuteros thank you for your nice comment, can you please tell us how to block youtube,facebook and other mobile applications?

Try to use ASN option from pfblocker , he will create aliase, after you will create your own rule on each interface you need to block using that alias

My rule is to allow to certain ports so i won't be *(everything) . I would love to block the entire facebook but i am maried.