Blocking URLs in pfSense firewall for specific range of IP
-
Hi, pls anyone help me, I'm trying to block website URLs for specific IPs using aliases and firewall rules, but nothing works.
I created 2 aliases:
- Blocksites
  name: blockwebsite
  type: host
  IP/FQDN: www.facebook.com
- Unauthorusers
  name: unauthorize
  type: network
  Network or FQDN : 192.168.0.10/24

Firewall Rules
Action: block
Interface: WAN
Address Family: IPv4
Protocol: TCP/UDP
Source: Single host or alias : unauthorize
ports : any any
Destination: Single host or alias : blocksites
Port: any any

Pls check my configuration if anything I forgot or mistaken.
Thanks in advance!
-
You can't use a host alias like that for a site like facebook. That will be resolved to a single IP when the ruleset is created but facebook is actually a vast number of IPs.
You can try to use an AS number either manually:
https://docs.netgate.com/pfsense/en/latest/firewall/blocking-websites.html#blocking-facebook
Or using pfBlocker to auto update it.
Or you could block that using the DNS instead which can be more effective.
Steve
-
I am looking to do the same. Can I block facebook.com for just a specific list of local clients/IP addresses? I would like to do this with native features like DNS Resolver as opposed to a plugin.
Is that possible?
-
You can, potentially, add a custom 'view' in unbound so that only a subset of client devices get a bad resolution for *.facebook.com. It's a non-trivial setup but there are some threads here detailing it.
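
A sketch of the unbound view setup described in the last reply, added here as an example and not taken from the thread or from Netgate's documentation. It assumes the fragment is pasted into the DNS Resolver custom options, that the restricted clients are 192.168.0.10 and 192.168.0.11 (constructed sample addresses), and that the view name `blockfb` is free to choose:

```conf
# Added example: per-client DNS blocking with an unbound view.
# Client addresses and the view name "blockfb" are assumptions.
server:
    # Map each restricted client to the view. One line per client;
    # a whole subnet can be given as a netblock instead of /32 hosts.
    access-control-view: 192.168.0.10/32 blockfb
    access-control-view: 192.168.0.11/32 blockfb

view:
    name: "blockfb"
    # "redirect" answers the zone apex and every name below it
    # (www.facebook.com, m.facebook.com, ...) from the local-data record.
    local-zone: "facebook.com." redirect
    local-data: "facebook.com. A 0.0.0.0"
    # Fall back to the global local-zone/local-data (host overrides,
    # local domain records) for names the view does not match.
    view-first: yes
```

Clients not listed in an `access-control-view` line keep resolving facebook.com normally. The block only applies to clients that actually send their queries to the pfSense resolver, so a device using another DNS server or DNS over HTTPS is not affected by it.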