Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to Block UltraSurf

    Firewalling
    1
    1
    2866
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alfredopea last edited by

      Blocking UltraSurf:

      1. Install pfBlocker in pfSense 2.0
      2. Enter the following address in your browser: https://www.countryipblocks.net/
      3. From the main menu page select ACL's
      4. Select the country "Tawian, Province of China" and generate a list in CIDR format, then copy to clipboard the information
      5. Go to pfBlocker module from Firewall -> PfBlocker
      6. Select the tab "List" and proceed to generate a new list the name wherever you want, in "Action List" select "Deny Both"
      7. Then paste the CIDR list in "CIDR" textbox
      8. Click on the tab "General", to enable this module just click "Enable"
      9. Inbound Interface select "WAN" by default or depending on how you receive your ISP signal.
      10. "Deny Indbound Action" select "Block"
      11. "Outbund Interfaces" select "LAN" interfaces or VLANs you have defined
      12. "Outbound deny action" select "Reject"
      13. Save the changes
      14. Create or change the rule to make DNS queries to the IP of your internal DNS server (LAN Subnet allow "TCP/UDP" to Destination: YOUIPDNS, Protocol:DNS), it's necessary to enable Services -> DNS Forwarder.

      Verify that the rules were generated in "Firewall"–> "Rules" on WAN interfaces, LAN or VLANs that you have previously set in your pfSense box, unfortunately UltraSurf required to operate most of ips that are housed in the province ( Taiwan), the simplest is to block all the segments. I understand that this is'n very elegant but at least...work, tested on pfSense 2.0.1-RELEASE (amd64), I hope this post be useful for your purposes.

      And sorry about my English.

      Ing. Alfredo Peña Ramos
      Viva el Software Libre!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post