How to block an IP range from any company.



  • I know I should know this by now with pfSense and pfBlocker.
    Stupid question, but I just want to make sure I'm doing it right and that it is that easy.

    Make an alias and add the ranges from a WHOIS check and that’s it?

    [screenshot]

    Is it that easy and straightforward?

    [screenshot]

    I'll say it again, I do love the way BBCAN177 got a DNSBL with the BBC in it lol, that’s great. Still, keep the anti-corps coming, I say lol

    [screenshot]

    I do love my tools plugin :)



  • That's the first step. You can also use the import button under Aliases, to enter a blob of addresses.

    Then, go to Firewall > Rules and add a rule for each alias. You can block just LAN (going out) or WAN (coming in), or use a floating rule. In the rule, include the alias and what you want to do (block or reject).



  • That's cool to know, thanks, as I was wondering about the LAN side of it.
    Thank you very much for the info ;)



  • @anttechs I'm glad I could help. Actually though, I'm just passing on what I just recently learned in this forum. I had to ask a similar question recently.

    FYI, the link in your signature seems to be broken (returns 404). I can access the main site, but your permissions settings block further exploring.



  • facebook.com is not only
    [image]

    Your image indicates that Facebook uses one (1) IPv6.
    They own entire ASes with huge IPv6 ranges.
    IPv4: same thing.



  • Yes, I'm still learning, but I thought that was the IPv6 range. That's my little example, but what do you think of this?

    Is this what it should look like or have I got a lot more to think about when blocking big names?

    [screenshot]





  • Yeah, those are single addresses. You will need ranges, using CIDR notation, like 10.10.0.0/24, or simply a dash, like "1.1.1.1-2.2.2.2". Be careful with these, as it is easy to block too much if you don't know what you are doing, and really mess things up. As long as you don't block your access to the firewall, you can do a little trial and error if needed, though.

    Facebook has so many IPs though, it's not even funny. They also use datacenters which other companies use, so in an attempt to block Facebook, you may be killing off hundreds of other websites and services running from the same datacenter, or another similar connection. Entire governments are struggling to block services like Facebook, so it's probably not going to be all that easy. This is still something good to learn, but would you be better off just using something like pfBlockerNG's DNSBL? With that, you can just specify that "Facebook.com" should be redirected to a dummy internal server, thus preventing access. For this to work, you do need to have your own DNS server, but pfSense makes that easy.
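
Added example, not part of the thread or of pfSense/pfBlockerNG: a small Python helper that turns WHOIS-style ranges, CIDRs and single addresses into a collapsed CIDR list, one per line, for pasting into the alias import, and drops anything overlapping a network you must not block. The sample ranges are constructed from documentation address space, and the protected network `192.168.1.0/24` and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample input: dash ranges as WHOIS prints them, a CIDR and a
# single address. Documentation/private space only, not any company's ranges.
SAMPLE = """\
198.51.100.0 - 198.51.100.127
198.51.100.128 - 198.51.100.255
203.0.113.16 - 203.0.113.47
2001:db8:10::/48
192.0.2.77
192.168.1.0 - 192.168.1.255
"""

def parse_entry(text):
    """Turn one line (dash range, CIDR, or single address) into networks."""
    text = text.strip()
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        # A range that is not CIDR-aligned becomes several networks.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(text, strict=False)]

def build_alias(lines, protected=()):
    """Return (cidrs, skipped): collapsed CIDRs for the alias, plus networks
    dropped because they overlap a protected network (e.g. the management LAN)."""
    protected = [ipaddress.ip_network(p) for p in protected]
    nets, skipped = [], []
    for line in lines:
        if not line.strip():
            continue
        for net in parse_entry(line):
            hit = any(net.version == p.version and net.overlaps(p) for p in protected)
            (skipped if hit else nets).append(net)
    out = []
    for version in (4, 6):  # collapse_addresses rejects mixed IPv4/IPv6 input
        out.extend(ipaddress.collapse_addresses(n for n in nets if n.version == version))
    return [str(n) for n in out], [str(n) for n in skipped]

if __name__ == "__main__":
    # 192.168.1.0/24 stands in for the LAN the firewall is managed from (assumption).
    cidrs, skipped = build_alias(SAMPLE.splitlines(), protected=["192.168.1.0/24"])
    print("\n".join(cidrs))
    for s in skipped:
        print("skipped (overlaps protected network):", s)
```

The two adjacent half-ranges collapse into one /24, while the unaligned 203.0.113.16-47 range stays as two /28 entries, which shows why a range copied from WHOIS does not always map to a single CIDR.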

