Blocking URLs in pfSense firewall for specific range of IP



  • Hi, please anyone help me, I'm trying to block websites URL for specific IP using Alias and firewall rules, but nothing works.

    I created 2 aliases

    1. Blocksites
      name: blockwebsite
      type: host
      IP/FQDN: www.facebook.com
    2. Unauthorusers
      name: unauthorize
      type: network
      Network or FQDN : 192.168.0.10/24

    Firewall Rules

    Action: block
    Interface: WAN
    Address Family: IPv4
    Protocol: TCP/UDP

    Source: Single host or alias : unauthorize
    ports : any any

    Destination: Single host or alias : blocksites
    Port: any any

    Please check my configuration in case I forgot anything or made a mistake.

    Thanks in advance!


  • Netgate Administrator

    You can't use a host alias like that for a site like Facebook. That will be resolved to a single IP when the ruleset is created, but Facebook is actually a vast number of IPs.
    You can try to use an AS number either manually:
    https://docs.netgate.com/pfsense/en/latest/firewall/blocking-websites.html#blocking-facebook
    Or using pfBlocker to auto update it.

    Or you could block that using the DNS instead which can be more effective.

    Steve
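
The manual AS-number approach mentioned in the reply above comes down to turning the prefixes an AS originates into a network alias. As an added example (not part of the thread or of Netgate's documentation), this Python script parses constructed whois-style `route:` lines, merges them into alias-ready CIDR entries, and checks which addresses a single resolved host entry would miss. AS64500, the prefixes and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample in the style of an IRR whois answer for one origin AS.
# AS64500 and every prefix are documentation values, not real Facebook data.
SAMPLE_WHOIS = """\
route:      192.0.2.0/25
origin:     AS64500
route:      192.0.2.128/25
origin:     AS64500
route:      198.51.100.0/24
origin:     AS64500
route:      198.51.100.0/24
origin:     AS64500
route:      203.0.113.64/26
origin:     AS64500
route6:     2001:db8::/32
origin:     AS64500
"""


def routes_from_whois(text):
    """Return the IPv4 networks named on 'route:' lines (route6 is skipped)."""
    nets = set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "route" and value.strip():
            nets.add(ipaddress.ip_network(value.strip(), strict=False))
    return nets


def alias_entries(text):
    """Merge duplicate and adjacent prefixes into the shortest alias list."""
    merged = ipaddress.collapse_addresses(routes_from_whois(text))
    return [str(net) for net in merged]


def covered(ip, entries):
    """True if the address falls inside any of the alias entries."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry) for entry in entries)


if __name__ == "__main__":
    entries = alias_entries(SAMPLE_WHOIS)
    print("\n".join(entries))  # one CIDR per line, ready for a network alias
    # A host alias holds only the address resolved at ruleset load time.
    print(covered("192.0.2.200", ["198.51.100.7/32"]))  # single resolved IP
    print(covered("192.0.2.200", entries))              # AS-derived alias
```
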

