Netgate Discussion Forum

    Sites still available even with dnsbl

      timbrigham

      I'm trying to block social media and video sites for the kiddos.

      I've tried using pfBlockerNG categories, and explicitly defining DNS entries for specific sites (with the categories disabled) pointing to 10.10.10.1.

      For some reason I don't understand, a handful of specific sites still make it through with the DNS filtering enabled.

      Nslookup shows my blocking address on any sites I'm trying to block, but certain large sites (TikTok, Facebook and Reddit especially) still load. What am I doing wrong here?

        skogs

        I'm certainly no expert on pfblockerng, as I haven't had to work a content filter or anything for a good 10 years or so...but if I go to tiktok and press F12 I see all kinds of junk like the following:
        sf16-scmcdn-va.ibytedos.com/goofy/tiktok/blahblahblah
        mcs-va.tiktokv.com
        mon-va.byteoversea.com

        It might say tiktok in the URL, but everything inside is coming out of a giant content delivery network. If all the blocker redirects is the 'name brand' webpage, 99.9% of the content might load just fine, especially with side loading bullcrap that isn't using the normal web front end. Applications on phones and stuff will frequently bypass the front end entirely and rely on the CDN.

        When I pull up the simple facebook login page I get a million of these:
        static.xx.fbcdn.net
        scontent.fapa1-1.fna.fbcdn.net

        Similar story with reddit being full of:
        www.redditstatic.com
        v.redd.it
        preview.redd.it
        i.redd.it

        You owe me two bits for making me load tiktok. I watched 4 videos...I am dumber.

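The check described in the reply above (comparing the hostnames a page actually requests against what the DNSBL covers) can be scripted. This is an added example, not code from any poster or from pfBlockerNG: it reads a browser HAR export and lists hostnames no blocklist entry covers. The HAR fragment and the three-entry blocklist are constructed, and it assumes a blocklist entry matches the domain and its subdomains.

```python
import json
from urllib.parse import urlsplit

# Constructed DNSBL entries: only the "name brand" domains (assumption).
BLOCKED = {"tiktok.com", "facebook.com", "reddit.com"}

# Constructed HAR fragment in the layout browser dev tools export
# (log -> entries -> request -> url). Hostnames are the ones quoted in
# the reply above; the paths are made up.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.tiktok.com/"}},
    {"request": {"url": "https://sf16-scmcdn-va.ibytedos.com/goofy/tiktok/app.js"}},
    {"request": {"url": "https://mcs-va.tiktokv.com/v1/list"}},
    {"request": {"url": "https://mon-va.byteoversea.com/monitor"}},
    {"request": {"url": "https://www.facebook.com/login"}},
    {"request": {"url": "https://static.xx.fbcdn.net/rsrc.php/a.css"}},
    {"request": {"url": "https://www.reddit.com/"}},
    {"request": {"url": "https://www.redditstatic.com/shreddit/main.js"}},
    {"request": {"url": "https://v.redd.it/abc/DASH_720.mp4"}},
]}})


def hosts_from_har(har_text):
    """Return the set of lower-cased hostnames requested in a HAR export."""
    hosts = set()
    for entry in json.loads(har_text)["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname
        if host:
            hosts.add(host.rstrip(".").lower())
    return hosts


def is_blocked(host, blocked):
    """True if host equals a blocked domain or is a subdomain of one.

    Matching is done on whole labels, so tiktokv.com is not treated as
    covered by an entry for tiktok.com.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def uncovered(har_text, blocked):
    """Hostnames the page loaded that no blocklist entry covers, sorted."""
    return sorted(h for h in hosts_from_har(har_text)
                  if not is_blocked(h, blocked))


if __name__ == "__main__":
    for host in uncovered(SAMPLE_HAR, BLOCKED):
        print("not covered by DNSBL:", host)
```
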
          NollipfSense @timbrigham

          @timbrigham Not sure whether you're still checking your thread; however, you never mentioned saving the changes you had made, then updating and reloading pfBlockerNG (database).

          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

            timbrigham @NollipfSense

            @nollipfsense I saved and reloaded the changes. I'm getting the correct 10.10.10.1 address when I attempt DNS lookups. Thanks though.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.