Controlling/Limiting web URL access via DNS
-
Hello
I use pfSense (2.6.0) as the primary DNS server on my local network, which means any requests go through my PFS box and are then routed internally or externally. I need to restrict some local devices from accessing specific external sites (URLs), and since DNS resolves URLs to IP addresses I want to use some form of DNS filtering to enforce website restrictions. Can someone suggest a way to do this? I have not been able to crack this nut. So the ask is real simple: code the PFS box to restrict URL access to certain sites for certain devices connected to the local network. Thank you.
You'd probably be better off looking at blocklisting in Squid if you want to do it just on your pfSense.
There are ways to filter it on a DNS level. Plenty of services out there offer it via subscriptions (some may be free, but read up). Mostly you just forward your traffic through them, and you can use their blocklists or make your own.
-
@bossaops Thank you. Yes, not interested in using external sources, want to manage the list locally. So by using Squid I can, for example, configure it to block youtube.com, tiktok.com, and so on? I know they have preconfigured blacklists, which might be a nice addition, but I want to ensure specific sites that I identify can be blocked. Just out of curiosity... how difficult would this be within Squid?
-
@rjp1267 If you want to block on all PCs, you can add a Host Override in the DNS Resolver settings, to send (www.)facebook.com to 127.0.0.2 or something. You probably also need to block DNS over HTTPS since many browsers use that to bypass local DNS servers.
-
@steveits Thanks for that suggestion. I want to apply it to certain devices, not all. Is squidguard.org the default site for the documentation? The current version they list, 1.3, seems dated; the version I have installed is
-
@rjp1267 pfSense package versions are not necessarily related to software versions. Note that lists squidguard-1.4.
-
@steveits Thanks for that, bit confusing how they capture the versions. I will rely on PFS to know what's the most current version of the package. So would the Netgate site be the best place for the squidGuard manual to configure the service?