How do I block mobile apps like Facebook, Instagram, and Amazon with OpenAppID?



  • Hello to everyone

    I want to block Internet access for mobile applications like Facebook, Twitter, and Amazon using Snort and OpenAppID . There are no enough OpenAppID settings in Snort's General Settings and Snort interfaces. I can only enable OpenAppID in Snort General settings and Snort interfaces. There's nothing else.

    By the way, I can block websites like Facebook, Twitter, and Amazon in the browser using E2Guardian and Squid. For example, when I access facebook.com from a browser, I block all URIs in SQStat in the ACLs of E2Guardian - In this way, even if the website has SSL, I can block that website - After blocking whole facebook.com URIs with E2Guardian, I also noticed that the data traffic of the Facebook mobile application is cut. It's also the same with the Facebook application in Windows 10.

    I want to block mobile application with OpenAppID, not the E2Guardian. I couldn't find any up-to-date and relevant resources on the Internet. Can you help me on this issue?



  • Did you review the OpenAppID setup instructions in the pfSense documentation? Here is a link: https://docs.netgate.com/pfsense/en/latest/ids-ips/setup-snort-package.html?highlight=openappid#application-id-detection-with-openapp-id.

    You have to enable the OpenAppID rules download (along with the OpenAppID detector stubs), update the rules on the UPDATES tab to download the necessary files, then go to the RULES tab and select which OpenAppID categories you want to use. Sounds like, from your description of things, that you have not done all of these steps.

    Also, you will find that Snort and OpenAppID will work better with the new Inline IPS Mode feature available in the Snort 4.0_6 package on pfSense-2.5-DEVEL.


Log in to reply