OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: road hazard on July 27, 2022, 03:43:18 am

Title: How to block a single website?
Post by: road hazard on July 27, 2022, 03:43:18 am
First off, I know practically nothing about advanced/next generation firewalls. I'm looking into taking advantage of the features they offer (geoIP blocking), more visibility into what the endpoints on my home network are up to and blocking sites from my children.

The first thing I'd like to master is blocking a single URL. In this example, it's yahoo.com. Try as I may, I cannot get this working to save my life. Yes, I'll probably spend the $99/year and buy Zenarmor if it comes to that, but can't this be done with plain OPNsense? Zenarmor makes this task look trivial, but I don't think it can be done with the free version.

When I was testing Sophos, I was able to create a rule that blocked that domain within a minute or so by just poking around and guessing. I'm going on 2+ days with OPNsense and can't do it. I looked at this:

https://docs.opnsense.org/manual/how-tos/proxywebfilter.html

...but that is just how to enable blacklists. I'm interested in blocking a single URL. I think what's hanging me up is I need to block DNS requests for that site, right?

TLDR: Is there a super simple, detailed guide/video that walks you through blocking a single URL?

Thanks
Title: Re: How to block a single website?
Post by: road hazard on July 28, 2022, 12:11:00 am
Something I didn't mention in my OP but this is weird to me.

If I create a rule to block yahoo.com, yahoo is blocked.

If I disable the rule, my PC can reach yahoo.com.

If I re-enable the rule, my PC can STILL access yahoo.com.

With the rule now enabled, if I reboot my PC, yahoo is blocked... until I disable the rule and the cycle repeats.
Title: Re: How to block a single website?
Post by: cookiemonster on July 28, 2022, 11:16:27 pm
From the beginning: firewalls at the base level work on IPs, ports and protocols. The rules that allow/deny the flow of packets are written in those terms.
As you know, a DNS query is needed to translate a URL to an IP. Large sites have more than one.
With the URL translated to IPs, firewall rules can be created.

The next step is to look at methods to either combine in one place the dns +block or do it in two steps.
Blocklists are a way to enhance a service to achieve this. A blocklist in Unbound, for example. It sinkholes the URLs in the list.

Then there are other plugins that do this and more. Examples are AdGuard (in OPN) or Pi-hole (external to OPN). Essentially they manage large lists of URLs to block easily; it can be just one site. They receive the DNS request and on a match, it won't even send it to the resolver and stops there; it doesn't even get to the firewall rules.

For a quick way for a single site you could, assuming you're using Unbound, just use the overrides section.
As per usual, a description of your setup would be useful to give more detailed advice.
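The resolver-side approach cookiemonster describes, as an added example that is not code from the thread, from OPNsense or from Unbound: a POSIX shell script that turns a small constructed blocklist into an Unbound local-zone fragment and mimics Unbound's closest-enclosing-zone lookup, so you can see that one entry for yahoo.com also catches www.yahoo.com and mail.yahoo.com but not notyahoo.com or yahoo.co.uk. The blocklist contents and the file path mentioned in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the OPNsense docs, Unbound or this thread):
# build an Unbound sinkhole fragment from a blocklist and emulate the
# label-boundary match Unbound uses when it picks the enclosing local-zone.

# Constructed blocklist (assumption: the domains the operator wants to
# sinkhole), one name per word.
BLOCKLIST="yahoo.com example.org"

# Print an Unbound config fragment, one zone per domain. local-zone lives in
# the server clause; always_nxdomain returns NXDOMAIN for the zone and for
# every name below it. On OPNsense such a fragment is dropped into a custom
# Unbound include file (assumption: /usr/local/etc/unbound.opnsense.d/sinkhole.conf)
# instead of editing unbound.conf, which the GUI regenerates.
sinkhole_conf() {
    echo "server:"
    for zone in $BLOCKLIST; do
        printf '    local-zone: "%s." always_nxdomain\n' "$zone"
    done
}

# Normalise a query name the way a resolver does: lower-case, no trailing dot.
norm() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Return 0 if NAME is a blocked zone or any label below it, 1 otherwise.
# Only label boundaries count: "www.yahoo.com" matches "yahoo.com",
# "notyahoo.com" does not, because the comparison requires a dot before the zone.
is_sinkholed() {
    name=$(norm "$1")
    for zone in $BLOCKLIST; do
        [ "$name" = "$zone" ] && return 0
        case "$name" in
            *".$zone") return 0 ;;
        esac
    done
    return 1
}

# Demo when run directly: show the fragment, then classify a few query names.
sinkhole_conf
for q in yahoo.com WWW.yahoo.com. mail.yahoo.com notyahoo.com yahoo.co.uk; do
    if is_sinkholed "$q"; then
        echo "$q -> NXDOMAIN (sinkholed)"
    else
        echo "$q -> resolved normally"
    fi
done
```

Two caveats a practitioner would keep in mind: a resolver-level block only affects clients that actually use Unbound, so a device with hard-coded public DNS or DNS-over-HTTPS walks straight past it unless outbound port 53 is also blocked or redirected by a firewall rule; and clients keep previously resolved answers in their own cache until the record's TTL expires, so a freshly added zone may not take effect on a machine that resolved the name a moment earlier.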