Netgate Discussion Forum
[Solved] Is Aliases can block?

Firewalling · 7 Posts, 4 Posters, 574 Views
Vincent_28 (last edited by Vincent_28):

Hello guys, I have a question about Aliases.

I go to IP, then I click Add, then I choose Host and input something like www.twitter.com, then save it with a name like "block".

Then I go to Firewall > Rules > LAN, add a block rule, set it to Single host or alias, and choose "block".

Then I clear all history in Chrome, then I reload the filter (Filter Reload) in pfSense. Then I search for Twitter and I am still able to browse Twitter.

Gertjan @Vincent_28 (last edited by Gertjan):

Yes, aliases can be used to block.
It works best using IPs, but it can work using a URL. The URL will get resolved for you.

        @Vincent_28 said in Is Aliases can block?:

        I go at IP. then i click add then i choose HOST i input like www.twitter.com then save name like "block"

Wait ...
You think www.twitter.com points to a (one :) unique IP?
If that was so, it would probably work: the URL (www.twitter.com) will get converted to an IP - the IP from Twitter - and you'll be happy.
Btw: the firewall uses IPs, not URLs.

Now for the bad news:
twitter - youtube - facebook, outlook, yahoo - netflix - amazon - etc etc etc (the big ones) do not use one IP.
They use thousands of IPs .... and they also use many IPv6 ....
And to make things worse: they maintain their servers, and when they do so, they take them out of "circulation" (they remove the IP as a possible A address) and put others in their place.
They do the same thing for load balancing.

Look at this:

        [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: dig twitter.com A +short
        104.244.42.65
        104.244.42.129
        

I wait a minute or so and repeat the command:

        [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: dig twitter.com A +short
        104.244.42.193
        104.244.42.129
        

You saw it? One of the IPs changed!

So, no, putting a URL in an alias and thinking that will help you block a domain name: that's ok and often works. But not for the "big ones".

The subject is well known; you can find many forum messages about it.
You'll be needing pfBlockerNG or something from the Squid family (I have no experience with the latter).

No "help me" PMs please. Use the forum, the community will thank you.
Edit: and where are the logs??

NogBadTheBad (last edited by NogBadTheBad):

You may be better off blocking via ASN number with pfBlockerNG-devel.

AS details for AS13414:

          aut-num: AS13414
          as-name: TWITTER
          descr: Twitter
          import: from AS-ANY accept ANY AND NOT {0.0.0.0/0}
          export: to AS-ANY announce AS-TWITTER AND NOT {0.0.0.0/0}
          admin-c: NETWO3685-ARIN
          tech-c: NETWO3685-ARIN
          notify: noc@twitter.com
          mnt-by: MAINT-AS13414
          changed: rcarroll@twitter.com 20190702 #08:43:36Z
          source: RADB

IPv4 subnets for AS13414:


IPv6 subnets for AS13414:

          2400:6680::/32
          2606:1f80::/32
          2a04:9d40::/29

          Monday, 18 November 2019 at 11:07:37 Greenwich Mean Time

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

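As an added illustration (not code from any post in this thread) of Gertjan's rotating-IP point and NogBadTheBad's prefix-based alternative: the snapshots below are constructed from the two `dig twitter.com A +short` runs quoted above, the prefix is 104.244.42.0/24 from the AS13414 list, and the alias is modelled as the address set it held at its last refresh (pfSense re-resolves hostname aliases on a timer, so between refreshes this is exactly what the rule matches).

```python
import ipaddress
from typing import FrozenSet, Iterable, List, Set

# Constructed snapshots modelled on the two dig runs in the thread:
# between the two runs one address was rotated out and another rotated in.
SNAPSHOT_T0 = {"104.244.42.65", "104.244.42.129"}
SNAPSHOT_T1 = {"104.244.42.193", "104.244.42.129"}

# One IPv4 prefix from the AS13414 list in the thread.
AS13414_PREFIXES = ["104.244.42.0/24"]


def resolve_alias(answers: Iterable[str]) -> FrozenSet[ipaddress.IPv4Address]:
    """Model a pfSense host alias: the set of addresses the hostname
    resolved to when the alias was last refreshed, nothing more."""
    return frozenset(ipaddress.ip_address(a) for a in answers)


def slips_through(alias: FrozenSet, later_answers: Iterable[str]) -> Set:
    """Addresses served after the refresh that the alias does not contain.
    A block rule on the alias never sees these, so clients still connect."""
    return {ipaddress.ip_address(a) for a in later_answers} - set(alias)


def not_covered(answers: Iterable[str], prefixes: List[str]) -> Set:
    """Addresses that fall outside every listed prefix (a prefix/ASN block
    matches by network, so rotation inside the same /24 is irrelevant)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    addrs = [ipaddress.ip_address(a) for a in answers]
    return {a for a in addrs if not any(a in n for n in nets)}


def compare(snapshots: List[Set[str]], prefixes: List[str]):
    """Refresh the alias from the first snapshot only (the worst case between
    two refreshes) and report what escapes each blocking approach over the
    later snapshots."""
    alias = resolve_alias(snapshots[0])
    escaped_alias: Set = set()
    escaped_prefix: Set = set()
    for snap in snapshots[1:]:
        escaped_alias |= slips_through(alias, snap)
        escaped_prefix |= not_covered(snap, prefixes)
    return escaped_alias, escaped_prefix


if __name__ == "__main__":
    a, p = compare([SNAPSHOT_T0, SNAPSHOT_T1], AS13414_PREFIXES)
    print("escapes host alias:", sorted(map(str, a)))
    print("escapes prefix block:", sorted(map(str, p)))
```

The same `compare` works on a longer series of resolver answers, which is how a practitioner would measure how much of a site's address churn a host alias actually catches at a given refresh interval.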
johnpoz, LAYER 8 Global Moderator (last edited by johnpoz):

And then let's not forget that these services are served up via CDN, and the same CDNs will be hosting other services... So blocking xyz.com could also block abc.com.

If you want to play internet police, then you should use a proxy.. A proxy will prevent going to xyz.com but allow going to abc.com, even if hosted off the same IP.

Or just block at a DNS level.. So you can not look up xyz.com, but you can look up abc.com to go there.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

NogBadTheBad:

Maybe Snort & openappid-social_networking.rules; there is a rule for Twitter.

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

johnpoz, LAYER 8 Global Moderator (last edited by johnpoz):

It would be easier to just not allow anything.twitter.com to be resolved ;) And don't let any other DNS out..

Not sure why anyone would want to block Twitter though. I could see high-bandwidth sites like YouTube, etc., where users streaming video could hog up bandwidth.. But some tweets? Not real bandwidth killers ;)

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

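The DNS-level block johnpoz describes, as an added example that is not from any post in the thread: an Unbound fragment for the pfSense DNS Resolver "Custom options" box, using the domain discussed above.

```conf
server:
  # Constructed example: the resolver answers NXDOMAIN for twitter.com and
  # every name under it (anything.twitter.com), so clients never obtain an
  # address. Other domains served from the same CDN addresses still resolve.
  local-zone: "twitter.com." always_nxdomain

  # Unbound builds without always_nxdomain: redirect the whole zone to an
  # unroutable address instead.
  # local-zone: "twitter.com." redirect
  # local-data: "twitter.com. A 0.0.0.0"
```

This only holds if LAN clients must use the firewall's resolver, which is the "don't let any other DNS out" part: a LAN rule allowing port 53 only to the firewall itself and rejecting it elsewhere.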
Vincent_28:

                  Thanks for the info.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.