How to block an ip range from any company.

anttechs · Feb 16, 2019, 12:55 PM

I know I should no this by now with PfSense and PfBlocker.
Stupid question but I just want to make sure Im doing right and that it is that easy.

Make an Aliases and add the ranges from a WHOIS check and that’s it?

Is it that easy and straightforward?

Ill say it again, I do love the way BBCAN177 got a DNSBL with the BBC in it lol that’s great still keep the anti corps coming I say lol

I do love my tools plugin :)

CyberMinion · Feb 17, 2019, 5:21 AM

That the first step. You can also use the import button under Aliases, to enter a blob of addresses.

Then, go to Firewall > Rules and add a rule for each alias. You can block just LAN (going out) or WAN (coming in), or use a floating rule. In the rule, include the alias and what you want to do (block or reject).

anttechs · Feb 17, 2019, 3:28 PM

Thats cool to know thanks as was wondering about the Lan side of it.
Thank you very much for the info ;)

CyberMinion · Feb 17, 2019, 9:55 PM

@anttechs I'm glad I could help. Actually though, I'm just passing on what I just recently learned in this forum. I had to ask a similar question recently.

FYI, the link in your signature seems to be broken (returns 404). I can access the main site, but your permissions settings block further exploring.

Gertjan · Feb 18, 2019, 8:39 AM

facebook.com
is not only

Your image indicates that facebook uss one (1) IPv6.
The own entire AS's with huge IPv6 ranges.
IPv4 : same thing.

anttechs · Feb 20, 2019, 1:36 PM

Yes Im still learning but I thought that was the IPV6 range, thats my little example but what do you think of this ?

Is this what it should look like or have I got a lot more to think about when blocking big names?

Grimson · Feb 20, 2019, 2:33 PM

You need to learn the difference between a single IP, an IP range and a network.

RTFM:
https://docs.netgate.com/pfsense/en/latest/book/network/index.html
https://docs.netgate.com/pfsense/en/latest/book/firewall/aliases.html#network-aliases

CyberMinion · Feb 20, 2019, 10:33 PM

yeah, those are single addresses. You will need ranges, using CIDR notation, like 10.10.0.0/24, or simply a dash, like "1.1.1.1-2.2.2.2". Be careful with these, as it is easy to block too much if you don't know what you are doing, and really mess things up. As long as you don't block your access to the firewall, you can do a little trial and error if needed, though.

Facebook has so many IPs though, it's not even funny. They also use datacenters which other companies use, so in an attempt to block Facebook, you may be killing off hundreds of other websites and services running from the same datacenter, or another similar connection. Entire governments are struggling to block services like Facebook, so it's probably not going to be all that easy. This is still something good to learn, but would you be better off just using something like pfBlockerNG's DNSBL? With that, you can just specify that "Facebook.com" should be redirected to a dummy internal server, thus preventing access. For this to work, you do need to have your own DNS server, but pfSense makes that easy.