Netgate Discussion Forum

    Blocking Sites

      danlad2010

      Hi All
      I'm after some help with blocking websites.
      I've just installed a new copy of pfSense at home to replace my current firewall (IPCop), but I'm wanting to know how I can stop my children accessing websites like I can with IPCop by blocking them by category, and also cut their internet access at set times so they are not on the internet at 3am.
      Each device on my network has its own reservation set by pfSense.

      Please can you tell me how I can block websites to certain devices?

      Many thanks.

        tivo

        You might want to think about using OpenDNS in conjunction with pfSense. I have static IPs for my SOHO, so this free solution is a bit easier for my case.

        To paint a picture, your steps would be something like:

        • register and create an account with OpenDNS. Configure OpenDNS with kid-friendly/family-friendly settings

        • in pfSense under System/General Setup configure to use OpenDNS DNS servers (I think 208.67.222.222 and 208.67.220.220)

        • in pfSense enable DNS Forwarding under Services/DNS Forwarder for all interfaces

        • in pfSense Firewall/Rules, make 3 rules in this order, for each LAN: 1) enable port 53 to LAN gw (ex: 10.0.0.1), 2) enable parent's computer(s) access to 8.8.4.4 port 53, 3) drop port 53 to all other IPs

        This approach allows you to lock down the DNS responses on the LAN side of your FW to only OpenDNS approved responses. In the event that mommy or daddy want to look at something else (violence, political, <other>) then you can change the DNS setting on the parent's computer to 8.8.4.4 (Google's DNS). When finished, change the DNS settings on the parent's computer back to the LAN's gateway address (whatever it is: 192.168.1.1, 10.0.0.1, …) and say to yourself: "mischief managed".

        NOTE: If your public egress (WAN IP) is not a static IP, I think there's an option to run an application supplied by OpenDNS to dynamically update your WAN IP in their system, so they can respond to DNS queries based on your settings.

        NOTE2: I wish pfSense had a widget that would integrate with OpenDNS, keep OpenDNS updated with your egress IP, and provide the OpenDNS UI within the pfSense console to make this easier for folks.

        NOTE3: As a general security practice, I would always recommend a whitelist-approach over a blacklist-approach. For example, rather than lock down certain sites for your kid's devices, it would be better to lock down the entire network and then open access on an as-needed basis to certain devices.

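The three port-53 rules from the post above, modelled as an added example (not part of the original thread and not pfSense code) to show why their order matters: pfSense evaluates the rules on an interface from the top down and the first match wins. The parent PC address 10.0.0.20 and the child device address 10.0.0.50 are constructed for illustration; 10.0.0.1 and 8.8.4.4 are the values the post uses.

```python
import ipaddress
from dataclasses import dataclass

# 10.0.0.1 and 8.8.4.4 come from the post; PARENT_PC is a constructed host.
LAN_GW = "10.0.0.1"
PARENT_PC = "10.0.0.20"
ANY = "0.0.0.0/0"

def in_net(ip, net):
    """True if the address falls inside the host or network given by net."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    src: str      # source host or network (CIDR)
    dst: str      # destination host or network (CIDR)
    port: int     # destination port

    def matches(self, src, dst, port):
        return port == self.port and in_net(src, self.src) and in_net(dst, self.dst)

# The three rules, in the order the post gives them.
DNS_RULES = [
    Rule("pass", ANY, LAN_GW, 53),           # 1) DNS to the LAN gateway
    Rule("pass", PARENT_PC, "8.8.4.4", 53),  # 2) parent PC to 8.8.4.4
    Rule("block", ANY, ANY, 53),             # 3) DNS to every other IP
]

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule (first match wins)."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action
    return "block"  # no rule passed the traffic: default deny

def audit(rules, kid="10.0.0.50"):
    """Evaluate the DNS flows the post cares about against one rule order."""
    return {
        "kid -> gateway": evaluate(rules, kid, LAN_GW, 53),
        "kid -> 8.8.4.4": evaluate(rules, kid, "8.8.4.4", 53),
        "parent -> 8.8.4.4": evaluate(rules, PARENT_PC, "8.8.4.4", 53),
        "parent -> 208.67.222.222": evaluate(rules, PARENT_PC, "208.67.222.222", 53),
    }

if __name__ == "__main__":
    for name, rules in (("as posted", DNS_RULES), ("block first", DNS_RULES[::-1])):
        print(name, audit(rules))
```

With the block rule moved to the top, every DNS flow is dropped, including queries to the gateway's own forwarder, so no device on that LAN can resolve names.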
          danlad2010

          Thanks Tivo

          Is there no inbuilt software in pfSense that already allows you to block by category?

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.