Blocking Games in IOS n android

ashima · Apr 2, 2019, 7:53 AM

I am running Pfsense 2.4.4 with squid and squidguard with SSL.

I want to block popular games like :

```
 Mini DayZ
```
```
 Knives Out
```
```
 Rules of Survival
```
```
 Bullet Strike: Battlegrounds
```
```
 Garena Free Fire
```
```
 Grand Battle Royale
```
```
 Radiation Island
```
```
 Survival Royal
```
```
 Black Survival
```
Fortnite
PubG

I am able to block PubG by blocking IP 54.215.136.239 and 54.67.5.92

Also I have set deny for online games in squidguard.
I am using shallalist.
Can any one suggest any other blacklist to block gaming sites.

Thank you,
Ashima

stephenw10 · Apr 2, 2019, 11:36 AM

You can try using Snort with OpenAppID. Some of the underlying protocols there may be detectable:
https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html#application-id-detection-with-openapp-id

Steve

ashima · Apr 5, 2019, 4:44 PM

Thanks @stephenw10 n sorry for the late response. From almost a week I am breaking my head to block online gaming with little success.

Knives Out, Rules of Survival, Survival Royale got easily blocked by blocking access to their server.

But the rest of them are driving me crazy (especially pubg)
They have their servers on AWS They use port 443. So difficult to block them using Squid.
I tried with snort with APP-Id enabled on LAn port. Snort detects them as https traffic. So difficult to block it.
Only option I guess I have is to create an alias for AWS Ips and block them using squid. But this will block any other traffic to AWS.
What do I do.

Please help
Ashima

stephenw10 · Apr 5, 2019, 5:50 PM

If they use port 443 then that will get redirected through squid where it can be blocked by squidguard. Or may just be broken by Squid anyway.
Ultimately you are fighting a losing battle. Anyone who really wants to play will find a way around whatever you put in place. You should really be tackling this further up the OSI stack IMO.

Steve

ashima · Apr 8, 2019, 7:15 AM

@stephenw10, How do I do Layer 7 Filtering. Snort with app-id enabled detects it as https traffic. So how should I block it. I am new snort. I just read the documentation n watched the youtube video to configure it. I have only enabled App-id on LAn port in snort. Can you please guide me.

Thank You,
Ashima

stephenw10 · Apr 8, 2019, 12:04 PM

Openappid in Snort is the only option for filtering at the application layer. If it does not detect the traffic as anything other than https there's not much you can do.
There probably are blocklists available for most of that though. I would try installing pfBlockerng-dev and look at the feeds there.

Steve

floraoliviaa · Sep 10, 2020, 4:53 AM

This post is deleted!