LibreWolf: Block Applications from Connecting to a IP (*.googleusercontent.com)
-
@nasheayahu said in LibreWolf: Block Applications from Connecting to a IP (*.googleusercontent.com):
but firefox, LibreWolf, and alike connect internally by code
First make sure that Firefox and similar don't use DNS-over-HTTPS.
That way they use the regular way (udp/53) to resolve hosts.
-
@patient0 said in LibreWolf: Block Applications from Connecting to a IP (*.googleusercontent.com):
First make sure that Firefox and similar don't use DNS-over-HTTPS
Okay, I have those set, but not getting any hits on the packet blocks. This is how my DNS Server / General Settings look:
Do I need to change anything?
-
@nasheayahu so Firefox is 'Off' for DNS-over-HTTPS, yes? Then it should work indeed.
Have you reloaded/restarted pfBlocker-NG after you edited the custom list?
-
@patient0 said in LibreWolf: Block Applications from Connecting to a IP (*.googleusercontent.com):
Have you reloaded/restarted pfBlocker-NG after you edited the custom list?
Yes.
Even tried this pfBlockerNG Customize Blocklist with:
IPv4 Cust_List:
googleusercontent.com
bc.googleusercontent.com
209.100.149.34.bc.googleusercontent.com
191.144.160.34.bc.googleusercontent.com
93.243.107.34.bc.googleusercontent.com
202.152.107.34.bc.googleusercontent.com
and TLD Blacklist:
googleusercontent.com
bc.googleusercontent.com
209.100.149.34.bc.googleusercontent.com
191.144.160.34.bc.googleusercontent.com
93.243.107.34.bc.googleusercontent.com
202.152.107.34.bc.googleusercontent.com
and LibreWolf and Firefox are still connecting with no block hits. Looking at ntopng in a little detail I get this:
Host: ARIN Look-up has:
Could this be the reason it's not being blocked? It appears so, because pfBlocker is coming up with:
on the IPv4. The DNS Lookup is returning:
What goes on? How do I properly just block all of Google's:
Net Range 34.64.0.0 - 34.127.255.255
It appears to be some masquerading here to defeat the pfBlocker? Maybe pfBlocker should make changes to use:
http://itools.com/tool/arin-whois-domain-search
as does ntopng.
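The post above puts reverse-DNS names (`NNN.NNN.NNN.NNN.bc.googleusercontent.com`) into an IPv4 list and quotes one ARIN net range. The following is an added example, not code from the thread or from pfBlockerNG, that turns that inclusive range into the CIDR form an IPv4 list needs and checks which of the quoted hosts actually fall inside it. It assumes the quoted names are Google Cloud PTR records, whose labels carry the IPv4 octets in reverse order (so `209.100.149.34.bc...` names the address 34.149.100.209); the host list and range are copied from the post, and the function names are this example's own.

```python
"""Audit an IPv4 block range against observed *.bc.googleusercontent.com hosts.

Added example for the forum thread above; not pfBlockerNG's own code.
Assumption: Google Cloud reverse-DNS names spell the IPv4 octets in reverse
order, so the hostname itself identifies the address the browser contacted.
"""
import ipaddress
import re

# Net range quoted from the ARIN lookup in the thread.
NET_RANGE_START = "34.64.0.0"
NET_RANGE_END = "34.127.255.255"

# Reverse-DNS names quoted in the thread (copied as the sample input).
OBSERVED_HOSTS = [
    "209.100.149.34.bc.googleusercontent.com",
    "191.144.160.34.bc.googleusercontent.com",
    "93.243.107.34.bc.googleusercontent.com",
    "202.152.107.34.bc.googleusercontent.com",
]

_PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.bc\.googleusercontent\.com\.?$"
)


def range_to_cidrs(start, end):
    """Collapse an inclusive first..last range into the CIDR prefixes an
    IPv4 block list accepts (a range written as 'a - b' is not a list entry)."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def ptr_to_ip(hostname):
    """Recover the IPv4 address from a *.bc.googleusercontent.com PTR name.
    Returns None for anything that is not such a name (assumed format)."""
    match = _PTR_RE.match(hostname.strip().lower())
    if not match:
        return None
    octets = [int(o) for o in match.groups()][::-1]  # labels are reversed
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in octets)


def covered(hostname, cidrs):
    """True/False if the host's address is inside any prefix; None if the
    name is not a recognised PTR (a hostname in an IPv4 list blocks nothing)."""
    ip = ptr_to_ip(hostname)
    if ip is None:
        return None
    addr = ipaddress.IPv4Address(ip)
    return any(addr in ipaddress.IPv4Network(cidr) for cidr in cidrs)


def audit(hosts, start, end):
    """Map each observed host to whether the given range would have blocked it."""
    cidrs = range_to_cidrs(start, end)
    return {host: covered(host, cidrs) for host in hosts}


if __name__ == "__main__":
    print("range", NET_RANGE_START, "-", NET_RANGE_END, "=", range_to_cidrs(NET_RANGE_START, NET_RANGE_END))
    for host, hit in audit(OBSERVED_HOSTS, NET_RANGE_START, NET_RANGE_END).items():
        status = {True: "inside", False: "OUTSIDE", None: "not a PTR name"}[hit]
        print(f"{host:45} -> {str(ptr_to_ip(host)):16} {status}")
```

Running it shows the quoted range collapses to a single prefix, and that two of the four observed hosts sit in 34.149.x.x and 34.160.x.x, outside it. That is the point to check before blaming masquerading: a single ARIN net range covers only part of the address space behind these names, and hostnames placed in an IPv4 list never match at all, so the list has to carry the prefixes (or be fed from a DNSBL) for the block counters to move.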
-
Hi, your OPEN DNS servers are using DoH. That's why it's not working; consider using resolver mode. Also, what is 10.10.30.1?
-
@Uglybrian said in LibreWolf: Block Applications from Connecting to a IP (*.googleusercontent.com):
what is 10.10.30.1?
That is, or what I wanted to do is, to use pfSense as my central DNS lookup server. So, what is the best way to properly set this?
-
Below are my resolver settings. It's stock settings with only 2 changes. In System General Setup, I changed DNS resolution behavior to ignore remote DNS servers for fallback.
In the resolver I use python mode for pfBlocker. All other settings are stock.
I am still using ISC as my backend. If you decide to make these changes, afterwards reset your state table.
-
@Uglybrian said in LibreWolf: Block Applications from Connecting to a IP (*.googleusercontent.com):
I am still using ISC as my backend
What is ISC?
UPDATE: I did a reset and just made adjustments to your settings. I also found my answer for ISC switching to the Kea DHCP and hoping this will give me the same results as your setup:
Anything else you can suggest to make sure I get the same results as you making sure pfBlocker handles all (browsers, apps, etc.) port 53 requests?
-
A couple more things you can do is add one of the DoH lists to pfBlocker. You can find one in the feeds; DoH has feeds listed in each category of pfBlocker, IPv4/6 and DNSBL. I would start with just one of the DNSBL feeds.
I would also add a firewall rule in each of your interfaces blocking external DNS resolution. You can find how to do that here: https://docs.netgate.com/pfsense/en/latest/recipes/index.html
Go down to the DNS heading and utilize "blocking external client DNS queries" or "redirecting client DNS queries".
I myself just used a blocking method.
Be aware that Kea is not fully implemented into pfSense yet; you may get different results than I get. But, from what I've read on the forums, it's working very well for a lot of users, but there are some caveats.
-
@Uglybrian said in LibreWolf: Block Applications from Connecting to a IP (*.googleusercontent.com):
I myself just used a blocking method.
Yes, I've done this before myself in another system but keep putting it off for my current one; I used the pfSense pfBlockerNG configuration guide. So I decided today to get this back working. It's much easier using granular control than generic. My system diagram is like:
I will be using the above guide for the Lab-pfSense. I was trying to get blocking working just using pfBlocker alone, but unsuccessfully. This guide and the pfSense baseline guide with VPN, Guest and VLAN support for the bare-bone pfSense.
What do you think, any inputs and additions?