Hi, can anybody tell me how I can deny or block the page facebook.com over HTTPS? I tried configuring DNS Resolver -> Overrides and configured the domain facebook.com with 127.0.0.1, but I can't deny the page. Please help me.
Well, I found one solution; it is this:
Firewall -> Aliases -> All
Add new alias
Name: facebook
Description: Social Network 1
Type: Host(s)
Host(s): www.facebook.com
And add another line in the same rule
Name: facebook
Description: Social Network 1
Type: Host(s)
Host(s): es-la.facebook.com
Save
Now add a new firewall rule
Firewall -> Rules -> LAN -> add new rule
Action: Block
Protocol: TCP/UDP
Destination: facebook
Description: Social Network 1
Save
Well, this is all, bye!!
You can also block it by SSL certificates; take a look at this page in the documentation: https://docs.opnsense.org/manual/how-tos/ips-sslfingerprint.html
Hi phoenix, thanks
There is another interesting way to block such traffic. If your network uses an internal DNS server that gets handed out by DHCP, then you can add an entry to the DNS server that points facebook.com, or other, to 127.0.0.1. The page will not load and they get a standard "failed to connect" error or a failed security certificate error. This works regardless of whether you are set up to examine SSH traffic or not. The page has to be resolved by DNS first and this causes it to resolve to a non-working address.
Right, or use "Services: DNS Tools: Filter" coupled with an OpenDNS account for maximum effect.
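The DNS entry described above, written as resolver directives; this is an added example, not part of the original post. It assumes the internal DNS server is Unbound (the OPNsense DNS Resolver), and it goes beyond the single entry in the post by also showing a whole-zone redirect that covers every name under facebook.com.

```conf
# Added example (not from the thread). Assumption: the resolver is Unbound.
# How a custom file is loaded depends on the OPNsense version.

server:
    # Variant 1: single-name override (shown commented out).
    # Only the exact name facebook.com answers with 127.0.0.1. With no
    # local-zone declared, Unbound treats the name as a "transparent"
    # zone, so www.facebook.com, es-la.facebook.com and any other
    # subdomain are still resolved upstream as usual.
    #
    # local-data: "facebook.com. A 127.0.0.1"

    # Variant 2: whole-zone redirect.
    # Every query at or below facebook.com is answered from the local
    # data at the zone apex, so all subdomains get 127.0.0.1 for A
    # queries. No AAAA record is defined, so IPv6 lookups for these
    # names return an empty answer instead of a real address.
    local-zone: "facebook.com." redirect
    local-data: "facebook.com. A 127.0.0.1"
```

Either variant only affects clients that actually send their queries to this resolver.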
I've tried using these suggestions but without any success.
create alias and rule to block facebook: Check
use dns override to steer to 127.0.0.1: Check
use certificate to block facebook: Check
Can anyone help? I'm using 2 VMs for OPNsense and Kali. I have a LAN connection between both, with OPNsense in WAN and Kali in LAN. I can block unpopular sites but can't block Facebook.