How to block hostnames



  • Hello,

    I'm very new to pfSense. I've used the search function and found some topics regarding my issue, but sadly all of them were discussed by expert users and therefore lack detail.
    I just wanted to know how I can block a hostname or a list of hostnames, for example:

    vortex.data.microsoft.com
    vortex-win.data.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net
    watson.telemetry.microsoft.com
    

    I've downloaded pfBlockerNG, opened the menu and gone to the IPv4 tab.
    Then I added a new rule; for List action I selected "Deny both". At the bottom, in the IPv4 Custom list, I entered a test hostname and clicked on save.
    Then on the pfBlockerNG main window I enabled pfBlockerNG.
    However, when I ping google.de it still responds.

    Can anyone tell me where exactly I can enter hostnames to block?




  • Rebel Alliance Global Moderator

    Doesn't look like you have selected any interfaces to apply the rules to.


  • Banned

    Blocking the first two will break Windows Updates. Waste of time.



  • @doktornotor:

    Blocking the first two will break Windows Updates. Waste of time.

    My question was how to block hostnames (in general), not whether what I'm doing is a waste of time or not.


  • Banned

    0/ As noted above, you didn't select any interfaces to apply the rules on.
    1/ Even if you did, this won't work unless you use DNS instead of pfBNG.
    2/ This will break your Windows updates.
    3/ Waste of time. If you have W7/8.1, simply remove the updates with the bundled shit. If you have W10, then simply do NOT use it.


  • Rebel Alliance Global Moderator

    You know how I would block host names. I create an alias and put in the host names and then use that rule to block.




  • Instead of blocking IP addresses, why not place an invalid DNS entry in the DNS server? I do this with Ad servers all the time. IPs can change at any time, but if DNS doesn't work, no way around that.

    Of course if the target DNS server was not your server for some reason, you'll need to block LAN to Internet DNS queries.


  • Rebel Alliance Global Moderator

    Yup, that is a sure way: point whatever you don't want people to go to at 127.0.0.1.
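
The DNS-override approach from the last two replies, as an added example that is not part of the original thread: it turns a hostname list into Unbound `local-zone`/`local-data` lines pointing at 127.0.0.1. It assumes the resolver is Unbound (pfSense's DNS Resolver) and that LAN clients use it; `SAMPLE`, `normalize` and `unbound_overrides` are names chosen for this example.

```python
import re

# Constructed sample input: hostnames from the first post plus deliberate
# noise (same name in another case with a trailing dot, a comment, a bad entry).
SAMPLE = """\
vortex.data.microsoft.com
VORTEX.data.microsoft.com.
telecommand.telemetry.microsoft.com.nsatc.net
# comment line
not a hostname
watson.telemetry.microsoft.com
"""

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(line):
    """Return a lower-case hostname without trailing dot, or None if invalid."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return name


def unbound_overrides(text, sink="127.0.0.1"):
    """Build Unbound override lines; returns (config_lines, rejected_entries)."""
    seen, lines, rejected = set(), ["server:"], []
    for raw in text.splitlines():
        name = normalize(raw)
        if name is None:
            if raw.split("#", 1)[0].strip():   # not just a comment or blank
                rejected.append(raw.strip())
            continue
        if name in seen:                       # emit each zone only once
            continue
        seen.add(name)
        # "redirect" answers the name and everything below it from local-data
        lines.append(f'local-zone: "{name}." redirect')
        lines.append(f'local-data: "{name}. A {sink}"')
    return lines, rejected


if __name__ == "__main__":
    conf, bad = unbound_overrides(SAMPLE)
    print("\n".join(conf))
    for entry in bad:
        print(f"# skipped invalid entry: {entry}")
```

The generated lines go into the resolver's custom options. Clients that query an outside DNS server never see these overrides, which is why the reply above also calls for blocking LAN-to-Internet DNS queries.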