[Solved]Is Aliases can block?
-
Hello guys i have question with the Aliases.
I go at IP. then i click add then i choose HOST i input like www.twitter.com then save name like "block"
Then i go to Firewall > Rules > Lan then i add block then i set in Single host or alias, then i choose "block".
Then i clear all history in chrome then i reload the Filter Reload in the PFSense. then i search twitter and still able to browse the twitter.
-
Yes, aliases can be used to block.
Works best using IP's, but it can work using URL. The URL will get resolved for you.@Vincent_28 said in Is Aliases can block?:
I go at IP. then i click add then i choose HOST i input like www.twitter.com then save name like "block"
Wait ...
You think www.twitter.com points to a (one :) unique IP ?
If that was so, it would probably work : the URL ( www.twitter.com ) will get converted to an IP - the IP from twitter - and you'll be happy.
Btw : the firewall uses IP's, not URL's.Now for bad news :
twitter - youtube - facebook, outlook, yahoo - netflix - amazon - etc etc etc (the big ones) use not one IP.
They use thousands of IP's .... and they also use many IPv6 ....
And to make things wore : they maintain there servers, and when they do so, they take it out of the "circulation" (they remove the IP as a possible A address) - and put in others in place.
They do the same thing for load balancing.Look at this :
[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: dig twitter.com A +short 104.244.42.65 104.244.42.129I wait a minute or so and repeat the command :
[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: dig twitter.com A +short 104.244.42.193 104.244.42.129You saw it ? One of the IP's changed !
So, no, putting in an URL in alias and think that will help you to block a domain name, that's ok and often works. But not for the "big ones".
The subject is known, you can find many forum messages about this subject.
You'll be needing pfBlockerNG or something Squid family (have no experience with the latter). -
You may be better blocking via ASN number with pfBlockerNG-devel.
AS details for AS13414 :-
aut-num: AS13414
as-name: TWITTER
descr: Twitter
import: from AS-ANY accept ANY AND NOT {0.0.0.0/0}
export: to AS-ANY announce AS-TWITTER AND NOT {0.0.0.0/0}
admin-c: NETWO3685-ARIN
tech-c: NETWO3685-ARIN
notify: noc@twitter.com
mnt-by: MAINT-AS13414
changed: rcarroll@twitter.com 20190702 #08:43:36Z
source: RADBIPv4 subnets for AS13414 :-
199.96.57.0/24
199.16.156.0/22
199.59.148.0/22
192.133.76.0/22
192.133.76.0/23
199.96.59.0/24
199.96.58.0/24
199.96.63.0/24
199.96.56.0/21
103.252.112.0/22
103.252.114.0/23
185.45.4.0/23
69.12.56.0/21
104.244.42.0/24
185.45.5.0/24
185.45.4.0/24
199.96.56.0/24
202.160.128.0/22
202.160.128.0/24
202.160.129.0/24
202.160.130.0/24
202.160.131.0/24
104.244.40.0/24
104.244.41.0/24
185.45.6.0/23
192.44.68.0/23
192.48.236.0/23
199.96.56.0/23
199.69.58.0/23
199.96.60.0/23
199.96.62.0/23
192.44.68.0/24
192.44.69.0/24
103.252.112.0/23
104.244.44.0/24
104.244.45.0/24
104.244.46.0/24
104.244.47.0/24
69.195.160.0/19
209.237.192.0/19
209.237.192.0/24
209.237.193.0/24
209.237.194.0/24
209.237.195.0/24
209.237.196.0/24
209.237.197.0/24
209.237.198.0/24
209.237.199.0/24
209.237.200.0/24
209.237.201.0/24
209.237.202.0/24
209.237.203.0/24
209.237.204.0/24
209.237.205.0/24
209.237.206.0/24
209.237.207.0/24
209.237.208.0/24
209.237.209.0/24
209.237.210.0/24
209.237.211.0/24
209.237.212.0/24
209.237.213.0/24
209.237.214.0/24
209.237.215.0/24
209.237.216.0/24
209.237.217.0/24
209.237.218.0/24
209.237.219.0/24
209.237.220.0/24
209.237.221.0/24
209.237.222.0/24
209.237.223.0/24
69.195.160.0/24
69.195.161.0/24
69.195.162.0/24
69.195.163.0/24
69.195.164.0/24
69.195.165.0/24
69.195.166.0/24
69.195.167.0/24
69.195.168.0/24
69.195.169.0/24
69.195.170.0/24
69.195.171.0/24
69.195.172.0/24
69.195.173.0/24
69.195.174.0/24
69.195.175.0/24
69.195.176.0/24
69.195.177.0/24
69.195.178.0/24
69.195.179.0/24
69.195.180.0/24
69.195.181.0/24
69.195.182.0/24
69.195.183.0/24
69.195.184.0/24
69.195.185.0/24
69.195.186.0/24
69.195.187.0/24
69.195.188.0/24
69.195.189.0/24
69.195.190.0/24
69.195.191.0/24
64.63.0.0/18
104.244.43.0/24
64.63.63.0/24
64.63.62.0/24
103.55.162.0/24IPv6 subnets for AS13414 :-
2400:6680::/32
2606:1f80::/32
2a04:9d40::/29Monday, 18 November 2019 at 11:07:37 Greenwich Mean Time
-
And then lets not forget that these services that are served up via CDN, the same CDNs will be hosting other services... So blocking xyz.com could also block abc.com
If you want to play internet police - then you should use a proxy.. Proxy will prevent going to xyz.com but allow going to abc.com - even if hosted off the same IP.
Or just block at a dns level.. So can not lookup xyz.com, but you can lookup abc.com to go there.
-
Maybe Snort & openappid-social_networking.rules, there is a rule for Twitter.
-
Be easier to just not anything.twitter.com to be resolved ;) And don't let any other dns out..
Not sure why anyone want to block twitter though, I could see high bandwidth sites like youtube, etc. Where users streaming video could hog up bandwidth.. But some tweets? Not real bandwidth killers ;)
-
Thanks for the info.
