Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Block TOR

    Scheduled Pinned Locked Moved General pfSense Questions
    17 Posts 6 Posters 7.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      insurin
      last edited by

      ahh I see. My goal is to stop my users using tor browsers whether on their laptops or mobiles and bypassing blocked websites.

      1 Reply Last reply Reply Quote 0
      • I
        insurin
        last edited by

        BBcan

        Do you mean add the URLS you sent into the source section (attached image)

        pf.PNG
        pf.PNG_thumb

        1 Reply Last reply Reply Quote 0
        • BBcan177B
          BBcan177 Moderator
          last edited by

          Yes exactly.

          There are other CSV lists available from here:

          https://torstatus.blutmagie.de/
              https://www.dan.me.uk/tornodes

          And the IDS url from Proofpoint seems to list both Exit Nodes and Relays etc…
              https://rules.emergingthreats.net/open/suricata/rules/tor.rules

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          1 Reply Last reply Reply Quote 0
          • I
            insurin
            last edited by

            What am I entering in the Header/Label box. It cannot be left blank

            1 Reply Last reply Reply Quote 0
            • BBcan177B
              BBcan177 Moderator
              last edited by

              The Header/Label field is used to name the downloaded files. So each header name needs to be unique and not contain any spaces or special characters…

              ie:  Blut_TOR, DM_TOR, ET_TOR

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 0
              • A
                aGeekhere
                last edited by

                You could try forcing the router to be the DNS server, when I last tested it TOR was unable to connect.

                In Firewall/NAT/Port forward
                add a new rule

                Interface = LAN
                Protocol = TCP/UDP
                Source ports = *
                Dest address = *
                Dest ports = 53
                NAT IP = 127.0.0.1
                NAT Ports = 53
                Description = Redirect DNS
                LAN TCP/UDP * * * 53 127.0.0.1 53 Redirect DNS
                Save

                Never Fear, A Geek is Here!

                1 Reply Last reply Reply Quote 0
                • I
                  insurin
                  last edited by

                  This is a real ball ache this TOR stuff. I have a Sonicwall but have to use DPI-SSL to implement blocks for my network but the issue I have is I max out the DPI-SSL count fairly easy. To get around that I have implemented Application blocks via my Anti Virus so if Tor browser/firefox portable etc runs, the AV will block it. So although I am not preventing access to TOR unless I use DPI-SSL, I am stopping the app at source which is working perfect for Domain devices. This is why if I can get this pfblocker working, I will have put something in place to block my BYOD users. It just doesn't look good when you go out an buy an expensive UTM firewall and you get some little shit bypassing blocked websites via TOR.

                  1 Reply Last reply Reply Quote 0
                  • A
                    aGeekhere
                    last edited by

                    try above method

                    Never Fear, A Geek is Here!

                    1 Reply Last reply Reply Quote 0
                    • I
                      insurin
                      last edited by

                      AGeekHere

                      The URLs in the source field seem to be doing the trick. I can see them appearing in in the Deny Filter and I cannot make a connection with a TOR browser.

                      I just gave the header a file name. Thanks BBcan177

                      I will certainly look at your method too. Just curious why Tor would not connect if I made the router the DNS sever

                      1 Reply Last reply Reply Quote 0
                      • V
                        Valeriy
                        last edited by

                        You can use Pfblocker with IP black list functionality that includes IP addresses of all Tor exit nodes (updating it manually from public sources). Or Snort with the same (but more difficult to set up properly)

                        1 Reply Last reply Reply Quote 0
                        • A
                          aGeekhere
                          last edited by

                          just tested it again, it no longer works, oh well.

                          Never Fear, A Geek is Here!

                          1 Reply Last reply Reply Quote 0
                          • T
                            Tolpa
                            last edited by

                            @aGeekHere:

                            just tested it again, it no longer works, oh well.

                            I`d try it too - no effect (((
                            No ideas more? (

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.