How to block YouTube in PFSense
-
Block external DNS and set DNS to resolve youtube.com to 127.0.0.1
Keyword blocking can't be done without a proxy. pfSense is not a proxy, so you need 3rd-party software.
-
… resolve youtube.com to 127.0.0.1
Then users start using yt.ca .fr .de .co.uk … you get the picture.
-
You can block any site using the blacklist in the proxy server.
Path: Services > Proxy server > ACLs > Blacklist
Enter the website name in the blacklist, then no one will have access to that particular site.
-
Here is another method, using new features in pfSense's DNS resolver, Unbound:
https://forum.pfsense.org/index.php?topic=131833.msg725378#msg725378
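The DNS override discussed in the posts above, written as Unbound custom options, together with a check of which query names a single youtube.com entry actually covers. This is an added example, not part of the original thread or of the linked post; the `redirect` zone form and the sample query names are assumptions chosen for illustration.

```python
# Added example: zone list and query names are constructed for illustration.
BLOCKED_ZONES = ["youtube.com"]   # the single override named in the thread
SINKHOLE = "127.0.0.1"            # address used in the thread

def normalize(name):
    """Lower-case and strip the trailing root dot so names compare equal."""
    return name.strip().lower().rstrip(".")

def unbound_options(zones, sinkhole=SINKHOLE):
    """Render Unbound custom options. A 'redirect' zone answers the apex
    and every subdomain with the apex's local-data."""
    lines = ["server:"]
    for zone in sorted({normalize(z) for z in zones}):
        lines.append(f'local-zone: "{zone}" redirect')
        lines.append(f'local-data: "{zone} A {sinkhole}"')
    return "\n".join(lines)

def covering_zone(qname, zones):
    """Return the zone that would answer qname, or None.
    Matching is per DNS label, so notyoutube.com does not match youtube.com."""
    labels = normalize(qname).split(".")
    zoneset = {normalize(z) for z in zones}
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zoneset:
            return candidate
    return None

def audit(queries, zones):
    """Split observed query names into sinkholed and not-covered lists."""
    hit, miss = [], []
    for q in queries:
        (hit if covering_zone(q, zones) else miss).append(normalize(q))
    return hit, miss

# Constructed sample of query names as a resolver log might show them.
SAMPLE_QUERIES = ["www.youtube.com.", "M.YouTube.com", "youtube.de",
                  "www.youtube.co.uk", "notyoutube.com"]

if __name__ == "__main__":
    print(unbound_options(BLOCKED_ZONES))
    hit, miss = audit(SAMPLE_QUERIES, BLOCKED_ZONES)
    print("sinkholed:  ", hit)
    print("not covered:", miss)
```

Names in the "not covered" list resolve normally, which is the gap the earlier reply about other country domains points at; each one needs its own zone entry.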
-
First of all, thanks to pfSense!
It's just perfect. Right now we have a pfSense box handing out DHCP to 15 UniFi routers for our company! We just block Facebook & YouTube (Android App + iOS App)!
I use pfSense 2.2.6-RELEASE (amd64) (I am not sure about other newer versions).
1 - Firewall > Rules > (Interface you want to block)
2 - Create Rule to allow the interface to talk to DNS:
(for those who don't know how to create it:
action = pass
TCP/IP Version = IPv4
Protocol = tcp/udp
Source = Staff net {My interface name: Staff, you have your own}
Destination = Staff Address
Destination port = DNS 53
Check => Log packets that are handled by this rule)
3 - Create Rule for Managers going anywhere:
(for those who don't know how to do it:
=> Firewall > Aliases > add new Alias:
Name = Managers
Hosts > Add new entry > 10.11.11.253 <= My Staff net = 10.11.11.0/24, and not surprisingly IP 253 is mine
=> Firewall > Rule:
action = pass
TCP/IP Version = IPv4
Protocol = tcp/udp
Source = Alias: Managers
Destination = Any
Destination port = Any
Check => Log packets that are handled by this rule)
4 - Create Rule for blocking Facebook:
=> Firewall > Aliases > add new Alias:
Name = facebookApp
Hosts > Bulk import from Aliases list > facebookApp.txt <= File in the attachment
=> Firewall > Rule:
action = block
TCP/IP Version = IPv4
Protocol = tcp/udp
Source = Staff net
Destination = Aliases: facebookApp
Destination port = Any
Check => Log packets that are handled by this rule
5 - Create Rule for staff accessing allowed websites
6 - Create Rule for Managers accessing Google: <= this is how the YouTube app got blocked
- My company does not allow Google Search for users, that's why the Managers group is the target.
=> Firewall > Traffic Shaper > Layer7 > Create new l7 rules group
Check = Enable/Disable layer7 Container
Name = youtubeBlock
Add entry = httpvideo > action = block
=> Firewall > Aliases > add new Alias:
Name = googleApp
Hosts > Bulk import from Aliases list > googleApp.txt <= File in the attachment
=> Firewall > Rule:
action = block
TCP/IP Version = IPv4
Protocol = tcp/udp
Source = Aliases: Managers
Destination = Aliases: googleApp
Destination port = Any
Check => Log packets that are handled by this rule
Advanced features = Layer7: youtubeBlock
7 - Create Rule to deny anything:
=> Firewall > Rule:
action = block
TCP/IP Version = IPv4
Protocol = tcp/udp
Source = any
Destination = any
Destination port = Any
Check => Log packets that are handled by this rule
8 - Test it on Android and iOS
Good luck blocking the YouTube app @@
-
Blocking "youtube" - or any other big organization, just watch http://www.wikihow.com/Access-YouTube-at-School to see the start of what might be an answer.
Blocking DNS requests won't stand long, as any user can list in his own hosts file all the "yahoo" domain names.
Edit: I didn't try what @ajchhai proposed - I saw his reply after posting …
-
I am going the DNS route. For now, the kids won't be able to change the dns server on their device… yet.
Thanks for the suggestions though.
-
@chhinfo hey brother, I need your help. I want to use scheduling on my pfSense. I want to block Facebook, Instagram, and YouTube at a certain time, so that they can only access Facebook, Instagram and YouTube for one hour, and after that it is blocked again. I tried it, but only Facebook and Instagram work, not YouTube, because of the many IP addresses they have. I also tried using Squid, pfBlocker, and OpenDNS, but the problem is that it will block permanently. Hope you can help me. Thanks
-
@chhinfo Hi! Yes, I am also very interested in how you can block by schedule.
-
Hi, where can I get facebookapp.txt and googleapp.txt?
The links don't work.
Thanks
-
Hi @chhinfo, could you please reattach the aliases for facebookApp.txt and googleApp.txt, because the link doesn't work.
Thanks
-
@chhinfo
Thank you so much for your contribution in such detail.
Although I have not tried your presented solution, I understand that it would be quite helpful for a novice user like me. Kindly re-attach the following files:
facebookApp.txt
googleApp.txt
Thank you once again.