Google Makes Filtering so hard!



  • Hello everyone. I am glad to join this community, and I thought I would share some of my thoughts about this wonderful distro (pfSense).

    It is so nice to have pfSense to control your network; thank you to all the developers and supporters. However, I ran into some issues which are not necessarily related to pfSense.

    A big and main issue was about restricting some users on my network from accessing Google services. I tried to white-list the reCAPTCHA service for my restricted users, as it is vital to their job, while blocking the rest of Google's services. Google makes it so hard to do so using the firewall approach, as they assign the same IPs to multiple services, specifically by assigning the same IP to the host www.google-analytics.com (which is required to be on the white-list) and the host docs.google.com (which is required to be on the black-list). I have failed to solve this using aliases and the firewall. Is there a solution for this, even using another approach (like DNS Resolver / captive portal / Squid)?

    Thank you very much
    Fanar


  • Banned

    Well, if the IPs and ports overlap as you say, then the only way I could think of doing this on pfSense would be with custom rules on an IDS.

    Do a pcap of the traffic you want to block, and another pcap of the traffic with a matching IP that you want to pass. See if you can find something unique to single out the traffic you want to block. Then write a custom Snort/Suricata rule to filter that traffic. Make the rule drop the traffic without adding the IP to a list of blocked hosts.

    This is a pretty roundabout way of doing it, but it should work if you can single out the traffic. I don't know of any other way it would be possible with pfSense, but I'm not an IT guy, so hopefully someone else can offer you a better way.
    Also, since you can't add the IP to a blocked-hosts list, you are only dropping whatever packets you can identify as unique from the traffic you are trying to pass to the same IP. So it's possible that the connection would still work if you are passing most of the packets. So you'd have to find one or more unique traits of the bad traffic that constitute a lot of what you are trying to block.

    What you really need is layer 7 filtering, which pfSense does not do.


  • Netgate

    What you really need is layer 7 filtering, which pfSense does not do.

    And then there's HTTPS.
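The whole thread comes down to one point: two hostnames that resolve to the same IP cannot be separated by an IP-based pass/block rule pair (the first post), and what does separate them is a layer-7 attribute (the IDS and "layer 7" replies). The following is an added Python example, not code from the thread, from pfSense, or from any IDS. It first shows the alias overlap with a constructed resolution table (the hostnames are the ones in the first post; the 203.0.113.x addresses are documentation-range placeholders, not Google's real addresses), then parses the SNI out of a constructed TLS ClientHello, which is the one hostname-bearing field still readable under HTTPS and is what a proxy or IDS rule would have to key on. The helper names `build_client_hello`, `extract_sni` and `decide`, and the fail-closed policy for a missing SNI, are assumptions of this example.

```python
# Constructed sample data (not real Google addresses): the hostnames come from
# the thread, the IPs are placeholders from the 203.0.113.0/24 documentation range.
CONSTRUCTED_DNS = {
    "www.google-analytics.com": {"203.0.113.10"},
    "docs.google.com": {"203.0.113.10", "203.0.113.11"},
    "www.google.com": {"203.0.113.11"},
}
ALLOW_HOSTS = {"www.google-analytics.com"}   # needed for reCAPTCHA in the thread
BLOCK_SUFFIXES = ("google.com",)              # "the rest of Google's services"


def ip_policy_conflicts(allow_hosts, block_hosts, dns):
    """Return every IP that both an allow-list alias and a block-list alias
    would contain. Any IP returned here cannot be handled by IP-based rules,
    which is exactly the situation described in the first post."""
    allowed = {ip for h in allow_hosts for ip in dns.get(h, ())}
    blocked = {ip for h in block_hosts for ip in dns.get(h, ())}
    return sorted(allowed & blocked)


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS ClientHello record carrying an SNI extension.
    Constructed test input only: zeroed random, one cipher suite, no other
    extensions. (Assumed helper, not anything pfSense or an IDS provides.)"""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + len(name).to_bytes(2, "big") + name    # name_type host_name
    sni_list = len(sni_entry).to_bytes(2, "big") + sni_entry
    sni_ext = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list
    body = (
        b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
        + b"\x00\x02" + b"\x13\x01"            # one cipher suite
        + b"\x01\x00"                          # one compression method (null)
        + len(sni_ext).to_bytes(2, "big") + sni_ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def extract_sni(record: bytes):
    """Return the host_name from a TLS ClientHello record, or None when the
    record is not a ClientHello, is truncated, or carries no SNI."""
    try:
        if record[0] != 0x16:                                   # not a handshake record
            return None
        hs = record[5:5 + int.from_bytes(record[3:5], "big")]
        if hs[0] != 0x01:                                       # not a ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                            # skip version + random
        pos += 1 + body[pos]                                    # session id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")     # cipher suites
        pos += 1 + body[pos]                                    # compression methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:                                   # walk the extensions
            etype = int.from_bytes(body[pos:pos + 2], "big")
            elen = int.from_bytes(body[pos + 2:pos + 4], "big")
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype != 0:                                      # 0 == server_name
                continue
            p = 2                                               # skip list length
            while p + 3 <= len(data):
                ntype = data[p]
                nlen = int.from_bytes(data[p + 1:p + 3], "big")
                if ntype == 0:
                    return data[p + 3:p + 3 + nlen].decode("ascii")
                p += 3 + nlen
    except (IndexError, UnicodeDecodeError):
        return None
    return None


def decide(sni, allow_hosts=ALLOW_HOSTS, block_suffixes=BLOCK_SUFFIXES):
    """Layer-7 verdict for one TLS connection, based only on the SNI name."""
    if sni is None:
        return "block"   # no SNI to classify on: fail closed (a policy choice)
    if sni in allow_hosts:
        return "pass"
    if any(sni == s or sni.endswith("." + s) for s in block_suffixes):
        return "block"
    return "pass"


if __name__ == "__main__":
    print("IPs no pass/block alias pair can separate:",
          ip_policy_conflicts(ALLOW_HOSTS, {"docs.google.com"}, CONSTRUCTED_DNS))
    for host in ("docs.google.com", "www.google-analytics.com", "www.google.com"):
        print(host, "->", decide(extract_sni(build_client_hello(host))))
```

Two caveats worth keeping in mind when reading the output. The conflict check reports 203.0.113.10 as unresolvable at layer 3, while the SNI path gives docs.google.com a block verdict and www.google-analytics.com a pass verdict on the very same address, which is the distinction the thread is after. The SNI is client-supplied, though, and a ClientHello with no SNI (or an encrypted one) gives `extract_sni` nothing to classify; the example treats that as a block, and whichever default you pick should be deliberate rather than implicit in the rule order.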