Scribd
Upload
157 views

How To Block Websites Using Pfsense Firewall Feature

This document provides instructions for blocking websites using the firewall feature in pfSense. It describes creating an alias for the IP addresses of the website to block, such as Facebook. Then a firewall rule is added to the LAN interface to block traffic to the alias. Exceptions can be made by creating an alias for allowed IPs and adding a rule above to pass traffic to the blocked alias from the allowed alias. This allows blocking a website for most users while still providing access for selected users, like social media teams.

Uploaded by

Vcasti
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
157 views

How To Block Websites Using Pfsense Firewall Feature

This document provides instructions for blocking websites using the firewall feature in pfSense. It describes creating an alias for the IP addresses of the website to block, such as Facebook. Then a firewall rule is added to the LAN interface to block traffic to the alias. Exceptions can be made by creating an alias for allowed IPs and adding a rule above to pass traffic to the blocked alias from the allowed alias. This allows blocking a website for most users while still providing access for selected users, like social media teams.

Uploaded by

Vcasti
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

17/11/2018 How to block websites using pfsense firewall feature.

| Top Computer Networking Guide

  

Top Computer Networking Guide


The complete guide.

How to block websites using pfsense firewall feature.

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 1/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

For most intent and purposes, the squid proxy server/squidguard setup can be used
to block specific websites from been accessed by users in our lan. You can use a
blacklist as shown in the squid proxy server guide for pfsense.

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 2/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

You can even go further to create rules to block one group of computers while
giving access to another group or subnet.

Howerver, if you have configured certificates using the certificate manager in


pfsense, then deployed them to your client machines and if you have configured
squid to use ssl man in the middle filtering, then you should be alright as your
pfsense proxy will monitor https traffic as well as http traffic and block websites
according to your rule that use the https protocol e.g facebook.
But deploying certificates to the client machines an be a hassle especially if you
have large numbers of computers and find it inconvenient to manually move from
one machine to the other installing certificates. Active directory certificate service
can come to the rescue . It enables you remotely issue certificates to the right store
in the client machine, but that is of course, if you have the certificate server in
your network.
If you need to simply block access from groups of computers to simple sites like
facebook.com e.t.c temporarily or while you figure out how to install your
certificates onto remote machines, or permanently if you prefer this solution,
simply use the firewall feature in pfsense.
This guide will show you how to block websites using the pfsense firewall feature.
Step 1: Create an alias under firewall. Firewall => alias. Click on IP tab and click
on the + sign to add alias. Call it something intuitive like fb_blocker_list and give
it a description.
Also in the type field, select network, and enter in the ip address range used by
facebook or the website to be blocked. A simple google search should give you

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 3/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

this result.
As at present, facebook ip addresses are
31.13.24.0/21, 31.13.64.0/18, 45.64.40.0/22, 66.220.144.0/20, 69.63.176.0/20,
69.171.224.0/19, 74.119.76.0/22, 103.4.96.0/22, 129.134.0.0/16, 157.240.0.0/16,
173.252.64.0, 179.60.192.0, 185.60.216.0, 204.15.20.0

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 4/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

Now save and apply changes. Then go back to firewall tab => rules and then click
on lan.

Now click on the + sign to add a rule.


Set the action=block,

tcp/ip=ipv4,
https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 5/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

interface=lan
Protocol=tcp/udp
In the destination, select the type to be single host or alias. In the red box under,
start typing your alias name e.g fb_bl… and the system will bring out your alias,
simply click on it to select it.

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 6/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

Now save it and apply changes.


Now try to access facebook.com from any computer on the local network.

Bear in mind that I have my squid proxy already setup in transparent mode and it
logs and blocks http traffic depending on my rules. Howerver, it doesn’t block
https traffic since I have not configured the ssl man in the middle filtering. I will
do just that in a later guide. But to prevent my users from consuming company
data and playing during work hours, I have implemented this temporary or
permanent solution depending on how you see it.
It is possible that your company may have a social media team that promotes the
business on social media. Also your manager or CEO may want access to
facebook. In this case, you can create a rule above the blocked rule to allow

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 7/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

access to facebook for your manager computer ip and the social media team ip
addresses alike.
Here is how to do it.
Go to firewall => alias and click the plus sign to create an alias called
allowed_to_access_fb. In the type, select host and enter as many ip addresses as
you would like to have access to facebook.

Now click save and apply changes.


Go back to firewall=>rules=>lan and click the plus sign to add a new rule.
Set the action to pass
Interface to lan

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 8/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

Protocol to tcp/udp
Tcp version to ipv4
Source type to single host or alias and then select the alias
“allowed_to_access_fb”
Destination type to single host or alias and then select the alias “fb_blocker_list”
Now save and apply changes.
Try to access facebook from the ip address allowed, the result is

Next, we will look at how to monitor and block traffic using certificates based on
the https protocol with pfsense.

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 9/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

Did You Enjoy What You Join over 1.000 visitors who are receiving our newsletter
Read? Sign Up To Our News and learn how to design networks that work using open
Letter source technology and commercial offerings. Also learn
how to proactively defend against security threats.
Enter Your Name

We hate spam. Your email address will not be sold or shared


Enter Your Email
with anyone else.

SIGN UP NOW
I agree to have my personal information transfered to
MailChimp ( more information )

Related Posts:
1. Squid Proxy Server Setup Guide
2. Pfsense Installation and Configuration Step by Step
3. How To Install and Configure Vyos Router-Basic Settings
4. CONFIGURE DHCP ON VYOS ROUTER

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 10/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

0 Comments Top Network Guide 


1 Login

 Recommend Sort by Best

Start the discussion…

LOG IN WITH
OR SIGN UP WITH DISQUS ?

Name

Be the first to comment.

ALSO ON TOP NETWORK GUIDE

Computer Networking Fundamentals and The Tools How to Use Python to Ping all IP Addresses on a
Needed network
1 comment • a year ago 2 comments • a year ago
Juxmarn Victor — thanks for recomendations Martins Ogbonna — Your question helped me look at the
script once again, then I identified the mistake. The Popen
reads the data from stdout and stderr untill the end of file is …

How To: Opsi Server Installation on Ubuntu Server 16.04 Zentyal Server as a Drop-in Replacement for Microsoft
6 comments • 10 months ago Active Directory
Martins Ogbonna — opsi-setup --configure-mysql is the 5 comments • a year ago
correct command. I may have to include pictures so that the Martins Ogbonna — Thank you george. I had the same issues
use of double dash or hyphen can be seen correctly when I started using zentyal.. My personal experience shows
that you can have a minimum of 512MB RAM for running …

✉ Subscribe d Add Disqus to your siteAdd DisqusAdd 🔒 Disqus' Privacy PolicyPrivacy PolicyPrivacy

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 11/12
17/11/2018 How to block websites using pfsense firewall feature. | Top Computer Networking Guide

SE A RCH … 

Free Linux Networking e-book

 First Name

 Your Email

Get it Now

We respect your privacy, therefore we will not


spam you

Like us on facebook

https://topnetworkguide.com/how-to-block-websites-using-pfsense-firewall-feature/ 12/12

You might also like