pfSense pfBlocker and mobile phones apps

William Barni · Oct 15, 2019, 2:54 PM

I can't seem to find a way to block any app activity in my mobile phones.
I can block youtube in the workstations via TLD, but all the mobilephones have normal access to videos, facebook and whatever they want.

I added a rule in pfSense to block all traffic on port 53 from LAN, so everyone needs to use pfSense as DNS server... but youtube and other apps keep working normally.

Source any, Destination Lan net, allow port 53
Source Lan net, Destination any, block port 53

I've also added youtube (youtube.com and many other hosts) into a custom list, did not work.

DNS Resolver is enabled.
I'm on pfSense 2.4.4-RELEASE-p3 and pfBlockerNG 2.1.4_17.

provels · Oct 15, 2019, 3:20 PM

@William-Barni Try this:
https://docs.netgate.com/pfsense/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html
But if your phones are using their data plan instead of your WiFi, you're SOL.

William Barni · Oct 15, 2019, 3:54 PM

They are connected via the WiFi, without any data enabled but the WiFi and the WiFi routers are on bridge mode.

pfSenseTest · Oct 15, 2019, 4:03 PM

You didn't say, but depending on the mobile phone it could be this...
https://forum.netgate.com/topic/135832/quad9-dns-over-tls-setup-with-unbound-forwarding-in-2-4-4-rc/2
Phones could be using TLS via port 853 for DNS

William Barni · Oct 15, 2019, 5:01 PM

@pfSenseTest Added the firewall rules mentioned in the link (I already had added the DNS, and now I added the TLSDNS ones) and in the mobile the youtube is blocked when accesing via browser but the app still works perfectly fine.

Several mobile phones, all the same behavior. iOS 10, 11 and 12. Android 6, 7 and 8.

provels · Oct 15, 2019, 5:03 PM

Probably need to pick one of these phone's IPs and create a rule to log everything for that IP.

pfSenseTest · Oct 15, 2019, 5:39 PM

@William-Barni said in pfSense pfBlocker and mobile phones apps:

blocked when accesing via browser but the app still works perfectly fine.

web browser vs dedicated app are 2 different things.

https://www.netgate.com/blog/application-detection-on-pfsense-software.html

https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html

William Barni · Oct 15, 2019, 6:57 PM

@pfSenseTest Hum... ok. Thanks for the answer.

I need to learn a ton of new tools and to develop rules for them, understand their behavior, just to block youtube.

bmeeks · Oct 16, 2019, 12:28 PM

@William-Barni said in pfSense pfBlocker and mobile phones apps:

@pfSenseTest Hum... ok. Thanks for the answer.

I need to learn a ton of new tools and to develop rules for them, understand their behavior, just to block youtube.

YouTube does not want to be blocked ... . So they make sure it is somewhere between difficult and impossible to block their traffic. Google has gotta have that ad revenue you know ... .