How to block YouTube in PFSense
-
Hi,
I'd like to ask some help from you guys on how to block youtube using pfsense. I tried to use Alias and put in all the IPs of youtube i think more or less 20 IPs then created a rule on LAN pointing to my Block youtube alias but it didn't work. Any suggestion pls. Thanks in advance.
-
Maybe you want a Web Filter app as SquidGuard together with Squid.
Check: https://doc.pfsense.org/index.php/SquidGuard_packageAnother solution is to use OpenDNS DNS, register for a free account, update your IP via DNSOMATIC, use their Web Content Filtering feature.
Check: http://www.opendns.com/home-internet-security/Depends on your needs. For a basic home user the second one is preferred.
-
Hi,
I'd like to ask some help from you guys on how to block youtube using pfsense. I tried to use Alias and put in all the IPs of youtube i think more or less 20 IPs then created a rule on LAN pointing to my Block youtube alias but it didn't work. Any suggestion pls. Thanks in advance.
If you setup the rule correctly, that should work…
Another option is to put a DNS override in (on the DNS page)... just resolve youtube.com to some bogus address.
-
Hi All,
If I block youtube, google page also not locading. So please help me. How to block block YouTube and Facebook.
Thanks,
Giridhar -
No, you do not block YT with firewall rules. Not without causing loads of collateral damage.
-
How to block block YouTube and Facebook
With an URL filter like Squid/squidGuard, or DansGuardian, or the upcoming E2Guardian.
-
Except YouTube access is https and it is a little hard to block with Squid…
Facebook you can block in firewall - pfblocker:
http://bgp.he.net/search?search[search]=facebook&commit=Search -
Except YouTube access is https and it is a little hard to block with Squid…
Since when? Squid has no problem with HTTPS if you configure it properly eg. in explicit mode with WPAD instead of transparent mode.
-
Hi,
I'd like to ask some help from you guys on how to block youtube using pfsense. I tried to use Alias and put in all the IPs of youtube i think more or less 20 IPs then created a rule on LAN pointing to my Block youtube alias but it didn't work. Any suggestion pls. Thanks in advance.
Hi!
I'm able to block youtube with pfsense and OpenDNS help.. so if it's okay for you to use openDns alongside your pfsense…your problem is solved.
I can share here the link of the guide if needed
-
I can share here the link of the guide if needed
Would be nice to here from you.
-
here https://www.youtube.com/watch?v=lZ6sEWRmvz4 If you guys have a better solution, you can share it too… Thanks
-
Hi,
Is there any option to block YouTube and Facebook (HTTPs sites) without OpenDNS and third party applications, only pf sense device?
We are not suppose to use third party application…
Also is there option keyword blocking?
Thanks,
Giridhar Daida. -
@giridhar.daida: Helps to read the thread before posting.
-
Block external DNS and set DNS to resolve youtube.com to 127.0.0.1
Keyword blocking, can't be done without a proxy, PFSense is not a proxy so you need 3rd-party software.
-
… resolve youtube.com to 127.0.0.1
Then users start using yt.ca .fr .de .co.uk … you get the picture.
-
you can block any site using blacklist in proxy server.
Path :- Services- Proxy server- ACLs- blacklist
Enter Website name in Blacklist then no one will have access to particular site
-
-
Here is another method, using new features in pfsense's dns resolver unbound
https://forum.pfsense.org/index.php?topic=131833.msg725378#msg725378
-
First of all thank to pFsense!
It's just perfect. Right now we have pFsense box hand dhcp to 15 UniFi router for our company! We just block Facebook & Youtube (Android App + iOS App)!
I use pFsense 2.2.6-RELEASE (amd64) (I am not sure about other newer version).1 - Firewall > Rules > (Interface You wanna block)
2 - Create Rule to allow the interface can talk to DNS:
(for Whom don't know how to create:
action = pass
TCP/IP Version = IPv4 _Protocol = tcp/udp
Source = Staff net {My interface name: Staff, you have your own}
Destination = Staff Address
Destination port = DNS 53
Check => Log packets that are handled by this rule)3 - Create Rule for Managers going to any where:
(for Whom don't know how to do:
=> Firewall > Aliases > add new Aliase:
Name = Managers
Hosts > Add new entry > 10.11.11.253 <= My Staff net = 10.11.11.0/24, and not surprisingly IP 253 is mine
=> Firewall > Rule:
action = pass
TCP/IP Version = IPv4
Protocol = tcp/udp
Source = Alias:Managers
Destination = Any
Destination port = Any
Check => Log packets that are handled by this rule)4 - Create Rule for blocking Facebook:
=> Firewall > Aliases > add new Aliase:
Name = facebookApp
Hosts > Bulk import from Aliases list > facebookApp.txt <= File in the attachment
=> Firewall > Rule:
action = block
TCP/IP Version = IPv4
Protocol = tcp/udp
Source = Staff net
Destination = Aliases: facebookApp
Destination port = Any
Check => Log packets that are handled by this rule)5 - Create Rule for Staffs accessing allowed Website
6 - Create Rule for Managers accessing Google: <= this is how youtube app got block
- My company not allowed Google Search for users, that why Managers group is the target.
=> Firewall > Traffic Shaper > Layer7 > Create new l7 rules group
Check = Enable/Disable layer7 Container
Name = youtubeBlock
Add entry = httpvideo > action = block
=> Firewall > Aliases > add new Aliase:
Name = googleApp
Hosts > Bulk import from Aliases list > googleApp.txt <= File in the attachment
=> Firewall > Rule:
action = block
TCP/IP Version = IPv4
Protocol = tcp/udp
Source = Aliases: Managers
Destination = Aliases: googleApp
Destination port = Any
Check => Log packets that are handled by this rule)
Advanced features = Layer7: youtubeBlock
7 - Create Rule to deny anything:
=> Firewall > Rule:
action = block
TCP/IP Version = IPv4
Protocol = tcp/udp
Source = any
Destination = any
Destination port = Any
Check => Log packets that are handled by this rule)8 - Test it on android and iOS
Good luck blocking youtube app @@
- My company not allowed Google Search for users, that why Managers group is the target.
-
Blocking "youtube" - or any other big organization, just watch http://www.wikihow.com/Access-YouTube-at-School to see the start of what might be an answer.
Blocking DNS requests won't stand long, as any user can list up in his own host file all the "yahoo" domaine names.
edit : I didn't try what @ajchhai proposed - I saw his reply after posting …
