How to block YouTube in PFSense

jonfil0130

Hi,

I'd like to ask some help from you guys on how to block youtube using pfsense. I tried to use Alias and put in all the IPs of youtube i think more or less 20 IPs then created a rule on LAN pointing to my Block youtube alias but it didn't work. Any suggestion pls. Thanks in advance.

Wolf666

Maybe you want a Web Filter app as SquidGuard together with Squid.
Check: https://doc.pfsense.org/index.php/SquidGuard_package

Another solution is to use OpenDNS DNS, register for a free account, update your IP via DNSOMATIC, use their Web Content Filtering feature.
Check: http://www.opendns.com/home-internet-security/

Depends on your needs. For a basic home user the second one is preferred.

rjcrowder

@jonfil0130:

Hi,

I'd like to ask some help from you guys on how to block youtube using pfsense. I tried to use Alias and put in all the IPs of youtube i think more or less 20 IPs then created a rule on LAN pointing to my Block youtube alias but it didn't work. Any suggestion pls. Thanks in advance.

If you setup the rule correctly, that should work…

Another option is to put a DNS override in (on the DNS page)... just resolve youtube.com to some bogus address.

giridhar.daida

Hi All,

If I block youtube, google page also not locading. So please help me. How to block block  YouTube and Facebook.

Thanks,
Giridhar

doktornotor

No, you do not block YT with firewall rules. Not without causing loads of collateral damage.

KOM

How to block block  YouTube and Facebook

With an URL filter like Squid/squidGuard, or DansGuardian, or the upcoming E2Guardian.

n3by

Except YouTube access is https and it is a little hard to block with Squid…

Facebook you can block in firewall - pfblocker:

http://bgp.he.net/search?search[search]=facebook&commit=Search

KOM

Except YouTube access is https and it is a little hard to block with Squid…

Since when?  Squid has no problem with HTTPS if you configure it properly eg. in explicit mode with WPAD instead of transparent mode.

noriel

@jonfil0130:

Hi,

I'd like to ask some help from you guys on how to block youtube using pfsense. I tried to use Alias and put in all the IPs of youtube i think more or less 20 IPs then created a rule on LAN pointing to my Block youtube alias but it didn't work. Any suggestion pls. Thanks in advance.

Hi!

I'm able to block youtube with pfsense and OpenDNS help.. so if it's okay for you to use openDns alongside your pfsense…your problem is solved.

I can share here the link of the guide if needed

Guest

I can share here the link of the guide if needed

Would be nice to here from you.

noriel

here https://www.youtube.com/watch?v=lZ6sEWRmvz4 If you guys have a better solution, you can share it too… Thanks

giridhar.daida

Hi,

Is there any option to block YouTube and Facebook (HTTPs sites) without OpenDNS and third party applications, only pf sense device?

We are not suppose to use third party application…

Also is there option keyword blocking?

Thanks,
Giridhar Daida.

doktornotor

@giridhar.daida: Helps to read the thread before posting.

Harvy66

Block external DNS and set DNS to resolve youtube.com to 127.0.0.1

Keyword blocking, can't be done without a proxy, PFSense is not a proxy so you need 3rd-party software.

jahonix

@Harvy66:

… resolve youtube.com to 127.0.0.1

Then users start using yt.ca  .fr  .de  .co.uk  … you get the picture.

itthelip

you can block any site using blacklist in proxy server.

Path :- Services- Proxy server- ACLs- blacklist

Enter Website name in Blacklist then no one will have access to particular site

moscato359

@jahonix:

@Harvy66:

… resolve youtube.com to 127.0.0.1

Then users start using yt.ca  .fr  .de  .co.uk  … you get the picture.

If I go to any of those, it redirects me to youtube.com

This is the .de version's URL
https://www.youtube.com/?hl=de&gl=DE

mcdiesel

Here is another method, using new features in pfsense's dns resolver unbound

https://forum.pfsense.org/index.php?topic=131833.msg725378#msg725378

chhinfo

First of all thank to pFsense!
It's just perfect. Right now we have pFsense box hand dhcp to 15 UniFi router for our company! We just block Facebook & Youtube (Android App + iOS App)!
I use pFsense 2.2.6-RELEASE (amd64) (I am not sure about other newer version).

1 - Firewall > Rules > (Interface You wanna block)

2 - Create Rule to allow the interface can talk to DNS:
    (for Whom don't know how to create:
              action = pass
              TCP/IP Version = IPv4 _Protocol = tcp/udp
              Source = Staff net {My interface name: Staff, you have your own}
              Destination = Staff Address
              Destination port = DNS 53
              Check => Log packets that are handled by this rule)

3 - Create Rule for Managers going to any where:
    (for Whom don't know how to do:
        => Firewall > Aliases > add new Aliase:
              Name = Managers
              Hosts > Add new entry > 10.11.11.253              <= My Staff net = 10.11.11.0/24, and not surprisingly IP 253 is mine
        => Firewall > Rule:
              action = pass
              TCP/IP Version = IPv4
              Protocol = tcp/udp
              Source = Alias:Managers
              Destination = Any
              Destination port = Any
              Check => Log packets that are handled by this rule)

4 - Create Rule for blocking Facebook:
        => Firewall > Aliases > add new Aliase:
              Name = facebookApp
              Hosts > Bulk import from Aliases list > facebookApp.txt                    <= File in the attachment
        => Firewall > Rule:
              action = block
              TCP/IP Version = IPv4
              Protocol = tcp/udp
              Source = Staff net
              Destination = Aliases: facebookApp
              Destination port = Any
              Check => Log packets that are handled by this rule)

5 - Create Rule for Staffs accessing allowed Website

6 - Create Rule for Managers accessing Google:                          <= this is how youtube app got block

• My company not allowed Google Search for users, that why Managers group is the target.
          => Firewall > Traffic Shaper > Layer7 > Create new l7 rules group
                Check = Enable/Disable layer7 Container
                Name = youtubeBlock
                Add entry = httpvideo > action = block
          => Firewall > Aliases > add new Aliase:
                Name = googleApp
                Hosts > Bulk import from Aliases list > googleApp.txt                    <= File in the attachment
          => Firewall > Rule:
                action = block
                TCP/IP Version = IPv4
                Protocol = tcp/udp
                Source =  Aliases: Managers
                Destination = Aliases: googleApp
                Destination port = Any
                Check => Log packets that are handled by this rule)
                Advanced features = Layer7: youtubeBlock

7 - Create Rule to deny anything:
        => Firewall > Rule:
              action = block
              TCP/IP Version = IPv4
              Protocol = tcp/udp
              Source = any
              Destination = any
              Destination port = Any
              Check => Log packets that are handled by this rule)

8 - Test it on android and iOS

Good luck blocking youtube app @@

facebookApp.txt
googleApp.txt_

Gertjan

Blocking "youtube" - or any other big organization, just watch http://www.wikihow.com/Access-YouTube-at-School to see the start of what might be an answer.

Blocking DNS requests won't stand long, as any user can list up in his own host file all the "yahoo" domaine names.

edit : I didn't try what @ajchhai proposed - I saw his reply after posting …