Want to block shopping sites
-
I am trying to block some shopping sites by using the URLs. Funny I know.
I set up URLs under Firewall, Aliases, URLs.
I then added a rule under Firewall, Rules, LAN rejecting the Source as the LAN and the destination addresses or aliases adding the alias I created. When I try to go to that site it is not blocked or rejected. It still allows the connection.
I have read the documentation. It seems I am doing it correctly. However, it still does not work.
Suggestions?
-
Check to see if your web browser is using DoH.
-
@Uglybrian DoH was on in the browser. I turned it off and restarted the browser. Cleared cache. Still able to access.
Windows 11 and Google Chrome.
-
Your rule is still being circumvented or the firewall block lists are not complete/incorrect. You can tell because your 0/0B is not showing anything. What are you using as DNS and are you blocking any public DoH servers?
Here is an example of a URL table block list:
See the 3KIB...... this rule is working. It's for blocking popular DoH servers on IPv4.
When I do a DNS lookup on qvc I get a different IP address.
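
To check the mismatch described above (the alias holding a different address than the one a DNS lookup returns), the following added example, which is not part of the original posts, compares an alias table's contents with the addresses a client resolved. The alias name `Shopping_Block` and all addresses are constructed; the table text stands in for the output of `pfctl -t <alias> -T show`.

```python
import ipaddress

# Constructed sample: what `pfctl -t Shopping_Block -T show` might print for a
# hypothetical alias named Shopping_Block (documentation-range addresses).
ALIAS_TABLE_OUTPUT = """
   192.0.2.10
   198.51.100.0/28
"""

# Constructed sample: addresses a LAN client received for the same hostname.
CLIENT_ANSWERS = ["192.0.2.10", "198.51.100.7", "203.0.113.25", "2001:db8::25"]


def parse_table(text):
    """Turn table output (one host or CIDR per line) into network objects."""
    nets = []
    for line in text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        # A bare host address becomes a /32 (IPv4) or /128 (IPv6) network.
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def uncovered(table_text, answers):
    """Return the client-resolved addresses that no table entry contains.

    The firewall rule matches on the addresses in the table, so traffic to
    any address listed here passes and the rule counter stays at 0/0 B.
    """
    nets = parse_table(table_text)
    missing = []
    for answer in answers:
        ip = ipaddress.ip_address(answer)
        if not any(ip.version == n.version and ip in n for n in nets):
            missing.append(answer)
    return missing


if __name__ == "__main__":
    for addr in uncovered(ALIAS_TABLE_OUTPUT, CLIENT_ANSWERS):
        print(f"not in alias table, rule will not match: {addr}")
```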
-
@Uglybrian I was wondering about the QVC IP looking a little off.
I am using the BIND DNS Server with forwarding to 208.67.220.220 and 208.67.222.222.
Should I be using DNS resolver or DNS forwarder?
-
I can’t make a suggestion either way, as I do not know the circumstances of your network. Whichever one you prefer and feel comfortable with would be the best one for you. I have no experience with BIND, I use the built-in resolver. No point in forwarding to a middleman unless you are using some kind of shielding or filtering from them. I just use pfBlocker for that. The servers you are forwarding to also do DoH.
doh.opendns.com. It’s a pain to get your clients to follow your rules with DoH involved.
If you resolved, that’s one layer you have to get your clients to behave.
Next layer would be using the pfSense recipes https://docs.netgate.com/pfsense/en/latest/recipes/index.html
And use the (blocking external client DNS queries). Then find a DoH block list that you like on GitHub. Reset your state table and then see how well your shopping block list works
-
@Uglybrian well I have tried every combination of DNS resolver, forwarder, BIND on the Netgate. Just can't get the URL filter to work. Diagnostics, DNS lookup works and comes up with a correct response.
Time to call it a loss and try something else.
-
A loss?
If you can use pfBlockerng(-devel), you could use these: I didn't show the entire list, but it is long. Commercial sites are listed in their category.
Do not use the XXX list before reading about it, as it uses 4++ Mbytes of RAM (and a big disk).
Remember: pfBlockerng is a host name (DNS) or URL filter.
-
Sorry you couldn’t get things figured out. Is it possible for you to share your current setup?