How to block hostnames
-
Hello,
I'm very new to Pfsense. I've used the search function and found some topics regarding my issue but sadly all of them were discussed by expert users and therefore lack out of details.
I just wanted to know how I can block a hostname or a list of hostnames for example:vortex.data.microsoft.com vortex-win.data.microsoft.com telecommand.telemetry.microsoft.com telecommand.telemetry.microsoft.com.nsatc.net oca.telemetry.microsoft.com oca.telemetry.microsoft.com.nsatc.net sqm.telemetry.microsoft.com sqm.telemetry.microsoft.com.nsatc.net watson.telemetry.microsoft.com
I've downloaded pfBlockerNG. Opened the menu and go to IPv4 tab.
THen I've added a new rule, on List action I selected "Deny both". At the bottom at IPv4 Custom list I've entered a test hostname and clicked on save.
Then on the pfBlockerNG main window I've enabled pfBLockerNG.
However when I ping google.de it still reponses.Can anyone tell me where exactly I can enter hostnames to block?
-
doesn't look like you have selected any interfaces to apply the rules too..
-
Blocking the first two will break Windows Updates. Waste of time.
-
Blocking the first two will break Windows Updates. Waste of time.
My question was how to block hostnames (in general) not if, what I'm doing, is waste of time or not.
-
0/ As noted above, you didn't select any interfaces to apply the rules on.
1/ Even if you did, this won't work unless you use DNS instead of pfBNG.
2/ This will break your Windows updates.
3/ Waste of time. If you have W7/8.1, simply remove the updates with the bundled shit. If you have W10, then simply do NOT use it. -
You know how I would block host names. I create a alias and put in the host names and then use that rule to block..
-
Instead of blocking IP addresses, why not place an invalid DNS entry in the DNS server? I do this with Ad servers all the time. IPs can change at any time, but if DNS doesn't work, no way around that.
Of course if the target DNS server was not your server for some reason, you'll need to block LAN to Internet DNS queries.
-
yup that is a sure way point whatever you don't want people to go to 127.0.0.1