Netgate Discussion Forum

    blocking addons firefox and chrome

    General pfSense Questions
    • scorpoin

      Greetings,

      I've set up pfBlocker-NG, blocking many sites and proxies. I would like to block extensions of Chrome and Firefox. Is there any way to accomplish this?

      Regards

      • Gertjan @scorpoin

        @scorpoin said in blocking addons firefox and chrome:

        Is there any way to accomplish this?

        What extension?
        A dictionary? An extension that makes http(s) requests on its own?

        A firewall isn't really suitable to control an application running on a PC somewhere on the LAN.
        What you can do: blocking destination (and source) IPs and FQDNs.
        You should control the application directly.

        Maybe some real MITM could work: see the Squid family.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • scorpoin

          Thanks for your reply @Gertjan. Actually, by extension I mean plugins like a VPN addon or any other proxy addon in the Chrome and Firefox browsers. I'm very well aware of Squid, but the thing is, when it comes to inspecting https, things go wrong here, pushing certs etc., and some financial web sites do not encourage MITM / Squid.

          Regards

          • Gertjan @scorpoin

            Still, MITM is the only way.

            The 'TLS' (https) tunnel is created on your PC (or whatever device you use) and totally inaccessible for pfSense - or for anybody else on the route to the final destination.
            You need to undo the TLS stream, so you can look into the packets to see what happens.
            "They say" that it is possible.
            And from what I know: it's not a thing you do in an afternoon or so ;)

            • stephenw10 Netgate Administrator

              Yes, there's no way to do that directly.

              You can try to block proxies using lists of known proxy IPs in pfBlocker.

              You can try to block VPNs using Snort.

              Both will likely be only partially successful.

              Steve

              • scorpoin @stephenw10

                @stephenw10 Thanks for your response. I tried Snort a couple of months back, but had a strange issue: it started to block the whole network after activation. So I had to disable Snort. I want Snort to work with pfBlocker as a double layer of filtration.

                I even unchecked the block offender option.

                Regards

                • stephenw10 Netgate Administrator

                  Snort should not block anything if 'block offenders' is not enabled. So if it was doing anything then it must have been either misconfigured or inducing some other issue, like exhausting some resource.

                  Steve

                  • scorpoin @stephenw10

                    @stephenw10
                    I will retest it and will get back to you.
