17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

  


How to block websites using pfsense firewall feature.

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 1/12

For most intents and purposes, the Squid proxy server/SquidGuard setup can be used
to block specific websites from being accessed by users on our LAN. You can use a
blacklist as shown in the Squid proxy server guide for pfSense.


You can even go further to create rules to block one group of computers while
giving access to another group or subnet.

However, if you have configured certificates using the certificate manager in
pfSense, deployed them to your client machines, and configured Squid to use SSL
man-in-the-middle filtering, then you should be all right: your pfSense proxy
will monitor HTTPS traffic as well as HTTP traffic and, according to your rules,
block websites that use the HTTPS protocol, e.g. Facebook.
But deploying certificates to the client machines can be a hassle, especially if
you have a large number of computers and find it inconvenient to move manually
from one machine to the other installing certificates. Active Directory
Certificate Services can come to the rescue. It enables you to remotely issue
certificates to the right store on the client machine, but that is, of course,
only if you have the certificate server in your network.
If you simply need to block access from groups of computers to simple sites like
facebook.com etc., temporarily while you figure out how to install your
certificates onto remote machines, or permanently if you prefer this solution,
simply use the firewall feature in pfSense.
This guide will show you how to block websites using the pfSense firewall feature.
Step 1: Create an alias under the firewall menu: Firewall => Aliases. Click on
the IP tab and click on the + sign to add an alias. Call it something intuitive
like fb_blocker_list and give it a description.
Also, in the type field, select Network, and enter the IP address ranges used by
Facebook or the website to be blocked. A simple Google search should give you
this result.
At present, the Facebook IP addresses are:
31.13.24.0/21, 31.13.64.0/18, 45.64.40.0/22, 66.220.144.0/20, 69.63.176.0/20,
69.171.224.0/19, 74.119.76.0/22, 103.4.96.0/22, 129.134.0.0/16, 157.240.0.0/16,
173.252.64.0, 179.60.192.0, 185.60.216.0, 204.15.20.0


Now save and apply changes. Then go back to Firewall => Rules and click on
LAN.

Now click on the + sign to add a rule.

Set Action = Block,
TCP/IP version = IPv4,
Interface = LAN,
Protocol = TCP/UDP.
In the destination, set the type to "Single host or alias". In the red box
beneath it, start typing your alias name, e.g. fb_bl…, and the system will bring
up your alias; simply click on it to select it.


Now save it and apply changes.


Now try to access facebook.com from any computer on the local network.

Bear in mind that I have my Squid proxy already set up in transparent mode, and it
logs and blocks HTTP traffic depending on my rules. However, it doesn't block
HTTPS traffic since I have not configured the SSL man-in-the-middle filtering. I
will do just that in a later guide. But to prevent my users from consuming company
data and playing during work hours, I have implemented this temporary or
permanent solution, depending on how you see it.
It is possible that your company has a social media team that promotes the
business on social media. Your manager or CEO may also want access to
Facebook. In this case, you can create a rule above the block rule to allow
access to Facebook for your manager's computer IP and the social media team's IP
addresses alike.
Here is how to do it.
Go to Firewall => Aliases and click the plus sign to create an alias called
allowed_to_access_fb. In the type field, select Host and enter as many IP
addresses as you would like to have access to Facebook.

Now click save and apply changes.


Go back to Firewall => Rules => LAN and click the plus sign to add a new rule.
Set the action to Pass
Interface to LAN
Protocol to TCP/UDP
TCP/IP version to IPv4
Source type to "Single host or alias" and then select the alias
"allowed_to_access_fb"
Destination type to "Single host or alias" and then select the alias "fb_blocker_list"
Now save and apply changes.
Try to access facebook from the ip address allowed, the result is

Next, we will look at how to monitor and block traffic using certificates based on
the https protocol with pfsense.
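
The rule order set up in this guide can be checked offline. The Python sketch below is an added example, not part of the original guide or of pfSense: it loads the fb_blocker_list entries exactly as listed above, reports the ones written without a prefix length (Python reads those as single /32 addresses, so confirm the mask you select in the alias editor), and evaluates the pass and block rules top-down with the first match winning. The LAN host addresses, the sample destinations and the fall-through to a default allow rule are assumptions.

```python
import ipaddress

# Alias contents copied from the guide; the LAN hosts are constructed samples.
FB_BLOCKER_LIST = """31.13.24.0/21, 31.13.64.0/18, 45.64.40.0/22, 66.220.144.0/20,
69.63.176.0/20, 69.171.224.0/19, 74.119.76.0/22, 103.4.96.0/22, 129.134.0.0/16,
157.240.0.0/16, 173.252.64.0, 179.60.192.0, 185.60.216.0, 204.15.20.0"""
ALLOWED_TO_ACCESS_FB = ["192.168.1.10", "192.168.1.11"]  # constructed LAN hosts


def parse_alias(text):
    """Return (networks, entries_without_prefix) for a comma-separated alias."""
    nets, no_prefix = [], []
    for entry in (e.strip() for e in text.replace("\n", " ").split(",")):
        if not entry:
            continue
        if "/" not in entry:
            no_prefix.append(entry)  # ip_network() reads this as one /32 host
        nets.append(ipaddress.ip_network(entry))
    return nets, no_prefix


def in_alias(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def evaluate(rules, src, dst, default="pass"):
    """First matching rule wins, top to bottom, as on a pfSense interface tab.
    The default models an assumed 'allow LAN to any' rule below both rules."""
    for action, src_nets, dst_nets in rules:
        if (src_nets is None or in_alias(src, src_nets)) and in_alias(dst, dst_nets):
            return action
    return default


FB_NETS, MISSING_PREFIX = parse_alias(FB_BLOCKER_LIST)
ALLOWED_NETS = [ipaddress.ip_network(h) for h in ALLOWED_TO_ACCESS_FB]
PASS_RULE = ("pass", ALLOWED_NETS, FB_NETS)
BLOCK_RULE = ("block", None, FB_NETS)    # source "any"
GUIDE_ORDER = [PASS_RULE, BLOCK_RULE]    # pass rule above the block rule
WRONG_ORDER = [BLOCK_RULE, PASS_RULE]    # block rule shadows the pass rule

if __name__ == "__main__":
    print("entries with no prefix length:", MISSING_PREFIX)
    for src in ("192.168.1.10", "192.168.1.50"):
        for name, rules in (("guide", GUIDE_ORDER), ("wrong", WRONG_ORDER)):
            print(src, name, evaluate(rules, src, "157.240.1.35"))
    # A neighbour of a prefix-less entry is not covered by the alias.
    print(evaluate(GUIDE_ORDER, "192.168.1.50", "173.252.64.1"))
```

If the block rule sits above the pass rule, the allowed hosts are blocked along with everyone else, which is why the guide places the pass rule first.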
