How do I block YouTube for a particular user



  • Hi all

    I use pfsense as a firewall router at home.  I don't have a lot of experience with it

    other than basic firewall rules.

    My son has a habit of using YouTube and wasting all our bandwidth (the very small amount that we have).  After being shaped again this month enough is enough and I want to block his access to youtube.

    I know youtube has a block of IP's, so I can;t just add a basic rule in the firewall.

    how do I block him with pfsense?

    Can I block him during specific hours if desired?

    Thanks

    Mick



  • use non transparent proxy with local authentication and wpad/pac, so you can block any site to any user with suquidguard



  • As stated I am lacking in experience with pfsense so bear with me.

    I assume you mean squidguard and not suquidguard.

    I think you are trying to say run a proxy server that required the user to log in to to allow access and then rules within the proxy would prevent access to the sites I deem as not requried.

    I have no ideal what wpad/pac is so I will have to go do some reading.

    Thanks



  • if you do not want to use a proxy you must use static ip (assign specific ip to your son's pc-mac) and find all ips used by youtube and create an alias for them, next create a schedule within firewall menu then block connections to that alias from your son's ip within that time scedule using a firewall rule

    but in this case if your son use a proxy(a free proxy via browser settings) request will direct to the proxy so your firewall can not detect the youtube connection and allow it, https/ssl is another problem also

    best way is
    -use squid non transparent with authentication
    -with firewall rules allow only squid proxy and block any other connections
    -use wpad/pac for automatic proxy dedection or manually set proxy for your pcs with browser configuration
    -use squidguard to block your son with time shedules

    this way he can not use external proxy servers, and via non transparet squid you can even block https domain connections

    wpad/pac is a file system containg three files created in /usr/local/www directory named wpad.dat, wpad.da and proxy.pac
    browsers when set to autodedect proxy looks for theese files and gets the proxy information from theese files.you can find further info about it at:
    https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid


Log in to reply