How to block a domain instead of an IP range?

  • Hi all,

    Can anyone help me with this issue? I need to block with its domain name, not the IP range. I don't want to have transparent squid in my office though.
    Please let me know if there is a way to block a domain with pfSense 1.2.
    Btw, is it possible to do it with Snort? If so, how?


  • You can do that by using SquidGuard.
    It's fairly simple.

  • As I mentioned, we don't like to use a proxy in my office. But we need to block during office hours. Facebook uses a number of IPs and random DNS, I guess. Any idea how to do this?

  • That is what I tried to say: SquidGuard is a package in pfSense itself, through which you can blacklist a domain.

  • If you want to block an entire domain… just create the file /usr/local/etc/dnsmasq.conf

    In that file add: address=/

    Now anyone who tries to connect to "" will just connect back to their own system, as long as your pfSense IP is their DNS server IP.

    I made a package called "DNS Blacklist" to do this sort of thing. You can check it out if you like.

  • You can also admin this from the GUI, I found out:

    If you look on the page for the DNS forwarder, the bottom has a spot:

    Below you can override an entire domain by specifying an authoritative dns server to be queried for that domain.

    Add your domain there.
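
The dnsmasq approach from the thread, as an added example that is not from any poster or from the DNS Blacklist package: it turns a domain list into `address=` lines and checks that one entry covers the domain and all of its subdomains. The sink address 127.0.0.1, the function names and the sample domains are assumptions.

```shell
#!/bin/sh
# Added example: build dnsmasq "address=" lines from a list of domains.
# SINK is an assumption: 127.0.0.1 matches the post's description of
# clients "connecting back to their own system".
SINK="127.0.0.1"

# Read one domain per line on stdin, print address=/domain/SINK for each
# valid one. Blank lines, "#" comments and anything that is not a plain
# hostname are skipped, so a stray "/" or space in the list cannot
# smuggle extra directives into dnsmasq.conf.
render_blocklist() {
    tr 'A-Z' 'a-z' | while IFS= read -r d; do
        d=${d%%#*}                                  # drop trailing comment
        d=$(printf '%s' "$d" | tr -d ' \t\r')       # drop whitespace
        [ -n "$d" ] || continue
        case "$d" in
            *[!a-z0-9.-]*|.*|*.|*..*|-*) continue ;;   # not a hostname
            *.*) printf 'address=/%s/%s\n' "$d" "$SINK" ;;
        esac
    done
}

# Return 0 if a query for NAME ($1) is answered by an address=/DOMAIN/
# entry ($2). dnsmasq applies the entry to the domain itself and to
# every name underneath it, but not to look-alike names.
is_covered() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    domain=$2
    case "$name" in
        "$domain"|*".$domain") return 0 ;;
        *) return 1 ;;
    esac
}
```

Feed it one domain per line and write the output to the dnsmasq.conf path given in the post; as that post notes, it only affects clients that use the pfSense box as their DNS server.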
