blocking apps in pfsense on smartphone
-
good afternoon!
How do I block apps like YouTube and Instagram on smartphones on a WiFi network that goes through pfsense? I'm using pfblocker, which blocks everything correctly via the browser, but when I go to the app, it goes through...
-
@Anderson-Pablo-Araujo-Barbosa Are you blocking by ASN or DNSBL?
-
DNSBL
-
@Anderson-Pablo-Araujo-Barbosa said in blocking apps in pfsense on smartphone:
DNSBL
You are probably facing a problem with DoH or DoT.
You won't be able to use ASN to block YouTube only; Google's ASN has many more services that you would also be blocking, such as Gmail, google.com, etc.
Try this:
1- Create a firewall rule blocking connections from the local network to any destination on port TCP 853.
2- Create a firewall rule allowing users to use pfSense's DNS, if one doesn't exist already.
3- Create a firewall rule below the one created above, blocking connections to any other destination on TCP/UDP 53, or use the redirection method at the bottom (preferred).
4- Go to pfBlockerNG > Feeds and add these 4 DoH feeds:
5- Also add these 2 feeds (OPTIONAL; these will block connections to 8.8.8.8, which may break Android devices):
Then, update pfblockerNG and test again.
If that doesn't work, you can try to use the built-in feature in pfBlockerNG:
Note: These built-in lists don't seem to be updated very often, so I would prefer to use the 4 lists mentioned above.
Go to:
Firewall > pfBlockerNG > DNSBL > DNSBL SafeSearch
Tick enable for DoH/DoT/DoQ Blocking, select everything in that list, save, then update pfBlockerNG and test.
If you want to proceed further, there is an option to redirect DNS going to the internet to pfSense, although I don't recommend that.
As per my experience with it, it breaks Android when it tries to reach 8.8.8.8.
Yes, Android sometimes ignores the DNS you give to it through DHCP.
https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html
Edit: Make sure users are receiving the correct DNS server from pfSense's DHCP server.
Edit 2: If you are using IPv6, also include the IPv6 feeds of the same type.
-
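As an added example (not posted in this thread and not Netgate's own text), here is what steps 1 to 3 of the answer above plus the DNS-redirect recipe look like when written out as a pf ruleset fragment, which is how pfSense itself expresses GUI rules in /tmp/rules.debug. The interface name `igb1`, the LAN subnet `192.168.1.0/24` and the resolver on `127.0.0.1` are assumed values; pfSense generates these rules from the GUI, so this is for reading and checking the rule order, not for pasting into the firewall.

```pf
# Constructed example: pf equivalent of the three firewall steps and the
# "redirect DNS to pfSense" recipe. Assumed names: igb1 is the LAN
# interface, 192.168.1.0/24 is the LAN subnet.
lan_if  = "igb1"
lan_net = "192.168.1.0/24"

# Preferred form of step 3: NAT rules are evaluated before filter rules, so
# every plain-DNS query a phone sends to an outside resolver (for example a
# hard-coded 8.8.8.8) is redirected to the resolver on pfSense itself.
# "self" is pf's keyword for all of the firewall's own addresses, including
# 127.0.0.1, which matches the GUI's "This Firewall (self)" with Invert Match.
rdr on $lan_if inet proto { tcp udp } from $lan_net to ! self port 53 -> 127.0.0.1 port 53

# Step 1: block DNS over TLS so a private DoT resolver configured on the
# phone cannot bypass DNSBL. Returning RST/ICMP instead of silently dropping
# makes most clients fall back to plain DNS faster.
block return quick on $lan_if inet proto tcp from $lan_net to any port 853

# Step 2: allow plain DNS to the firewall (its LAN address, or 127.0.0.1 after
# the redirect above). This must sit above the block rule in step 3.
pass in quick on $lan_if inet proto { tcp udp } from $lan_net to self port 53

# Step 3 (explicit form): block plain DNS to any other destination. With the
# rdr in place this rarely matches, but it catches anything the NAT rule did
# not cover and makes the intent visible in the ruleset.
block return quick on $lan_if inet proto { tcp udp } from $lan_net to any port 53
```

Two things to check after applying the equivalent in the GUI: the port-forward's associated filter rule must be present, otherwise the redirected traffic to 127.0.0.1 hits the step-3 block; and none of these port rules touch DoH, which rides on TCP 443 and can only be addressed by the DoH domain feeds in steps 4 and 5, since blocking 443 outright is not an option.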
will do the tests!
Thank you.