block websites to certain users



  • Hello everyone
    I installed pfSense for the first time in my lab environment, configured captive portal and created some users and groups. I'm not sure if this can be done: I need to block some websites for some users, for example social media websites. I checked whether there are any restrictions in captive portal based on users or groups, but I didn't find anything. Any solution would be appreciated.

    Best


  • LAYER 8 Global Moderator

    To block social media you're going to want to use a proxy so that you can do it based upon URL, i.e. facebook.com vs IP, since all of these sorts of sites are hosted on large CDNs with hundreds if not thousands of IP ranges.



  • Thanks for your reply, but can it be done for only some users, not all?



  • I have three DSL connections. One of them is configured to block social media using OpenDNS and it's working fine for me. Is it possible to redirect some users to this gateway based on some criteria? I'm not sure if it's possible based on username or MAC address.


  • LAYER 8 Global Moderator

    Put these users on their own VLAN, then it's easy to block that whole VLAN, etc.


  • Rebel Alliance

    @fadygh said in block websites to certain users:

    ent and configured captive portal and created some users and groups, I'm not sure if this can be done, I need to block some websites to some users example social media websites

    Then what you need is a proxy or an IDS. You should have a look at the Squid, pfBlockerNG, Snort and Suricata packages on pfSense. They all do what you are requesting, with a few differences.

    A captive portal can filter users that are connected, but cannot filter what users are doing once they are connected.

    Please also be aware that it is virtually impossible to fully block a website category. Even Iran's and China's firewalls are failing to completely block social media, so don't expect your filtering to fool anyone a little bit good at computer science.



  • Thank you for your reply, but I think that I didn't describe my scenario well enough to get the right solution.
    I only need to block some websites for some users, not all of them. These websites are YouTube and Facebook, and the rule is working fine for me; I'm using OpenDNS for the time being. I want to apply the rule to some WiFi users and some users that are using the wired network and getting their IP from the DHCP server. I'm using captive portal now. Any idea how I can do it? I thought that I could make it based on captive portal accounts, so I can decide which users can access those sites and which users cannot. As I told you, I want these rules only for DHCP clients, most of them wireless users.

    Thanks for any suggestion


  • LAYER 8 Global Moderator

    You're using DNS -- just create static DHCP reservations handing out OpenDNS to the users you want to block.

    You understand that any 8 year old child could bypass such filtering these days, right ;)



  • Thanks for your reply.
    I will create reservations based on MAC addresses on my pfSense router and will start using pfSense to block websites. My problem is that in our network we have about four wireless routers, not repeaters, and each router's LAN is on a different subnet; they are TP-Link routers. In this case I will hand the DHCP role to the pfSense server and set DHCP relay on the TP-Link routers, so every MAC address in the DHCP reservation list will be assigned a different gateway, and apply rules on this. Is that what you suggest? In that case I don't know how we can route all internet traffic to the pfSense gateway on a different subnet.
    Please suggest.


  • LAYER 8 Global Moderator

    @fadygh said in block websites to certain users:

    server and set dhcp relay on tplink routers

    Huh? So you have downstream wireless routers doing NAT? Just use them as AP.. Not routers..

