Netgate Discussion Forum

How to block hostnames

  • M
    Mueller
    last edited by Sep 5, 2015, 5:15 PM

    Hello,

    I'm very new to pfSense. I've used the search function and found some topics regarding my issue, but sadly all of them were discussed by expert users and therefore lack details.
    I just wanted to know how I can block a hostname or a list of hostnames, for example:

    vortex.data.microsoft.com
    vortex-win.data.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net
    watson.telemetry.microsoft.com
    

    I've downloaded pfBlockerNG, opened the menu and went to the IPv4 tab.
    Then I added a new rule; for List Action I selected "Deny both". At the bottom, under IPv4 Custom list, I entered a test hostname and clicked on save.
    Then in the pfBlockerNG main window I enabled pfBlockerNG.
    However, when I ping google.de it still responds.

    Can anyone tell me where exactly I can enter hostnames to block?
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Sep 5, 2015, 5:19 PM

      Doesn't look like you have selected any interfaces to apply the rules to.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • D
        doktornotor Banned
        last edited by Sep 5, 2015, 5:19 PM

        Blocking the first two will break Windows Updates. Waste of time.

        • M
          Mueller
          last edited by Sep 5, 2015, 5:38 PM

          @doktornotor:

          Blocking the first two will break Windows Updates. Waste of time.

          My question was how to block hostnames (in general), not whether what I'm doing is a waste of time or not.

          • D
            doktornotor Banned
            last edited by Sep 5, 2015, 5:50 PM

            0/ As noted above, you didn't select any interfaces to apply the rules on.
            1/ Even if you did, this won't work unless you use DNS instead of pfBNG.
            2/ This will break your Windows updates.
            3/ Waste of time. If you have W7/8.1, simply remove the updates with the bundled shit. If you have W10, then simply do NOT use it.

            • J
              johnpoz LAYER 8 Global Moderator
              last edited by Sep 5, 2015, 6:26 PM

              You know how I would block host names? I create an alias and put in the host names and then use that rule to block.

              • H
                Harvy66
                last edited by Sep 5, 2015, 6:56 PM

                Instead of blocking IP addresses, why not place an invalid DNS entry in the DNS server? I do this with Ad servers all the time. IPs can change at any time, but if DNS doesn't work, no way around that.

                Of course if the target DNS server was not your server for some reason, you'll need to block LAN to Internet DNS queries.

                • J
                  johnpoz LAYER 8 Global Moderator
                  last edited by Sep 5, 2015, 10:29 PM

                  Yup, that is a sure way: point whatever you don't want people to go to at 127.0.0.1.


                  1 Reply Last reply Reply Quote 0
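The DNS approach from the last two posts, as an added example (not code from the thread or from pfSense): a Python sketch that turns a hostname list into `local-zone`/`local-data` overrides for Unbound, the resolver behind pfSense's DNS Resolver, answering 127.0.0.1 for each name. The function names and the sample entries marked as constructed are assumptions.

```python
import re

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(name):
    """Return a lowercase hostname without trailing dot, or None if invalid.

    Rejecting quotes, spaces and newlines keeps a hostile list entry from
    injecting extra directives into the generated resolver config.
    """
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(_LABEL.fullmatch(l) for l in labels) else None

def collapse(names):
    """Drop names already covered by a listed parent domain.

    An Unbound 'redirect' zone answers for the name and everything below it,
    so a child of a listed name needs no entry of its own.
    """
    kept = []
    for n in sorted(set(names), key=lambda s: (s.count("."), s)):
        labels = n.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & set(kept):
            kept.append(n)
    return kept

def unbound_overrides(hostnames, sink="127.0.0.1"):
    """Build the text for Unbound's server: section."""
    valid = [h for h in map(normalize, hostnames) if h]
    lines = ["server:"]
    for name in collapse(valid):
        lines.append(f'local-zone: "{name}." redirect')
        lines.append(f'local-data: "{name}. A {sink}"')
    return "\n".join(lines) + "\n"

SAMPLE = [
    "vortex.data.microsoft.com",    # from the first post
    "Vortex.Data.Microsoft.com.",   # constructed: duplicate in another form
    "oca.telemetry.microsoft.com",  # from the first post
    "ads.example.com",              # constructed
    "img.ads.example.com",          # constructed: child of the entry above
    'bad"name.example.com',         # constructed: invalid, must be rejected
]

if __name__ == "__main__":
    print(unbound_overrides(SAMPLE), end="")
```

These overrides only affect clients that actually query this resolver, which is why the post above also calls for blocking LAN-to-Internet DNS queries.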
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.