Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Rules (Read 2045 times)
matrix73
Newbie
Posts: 6
Karma: 0
Rules
«
on:
April 10, 2020, 03:49:56 pm »
I am made rule with Alias hosts facebook.com and de-de.facebook.com
LAN reject
source Lan Net
destination Alias
it work for a while,
than Update 20.1.4 and the rule does not work.Also other self made rules did not worked.
Is that so? After update something does not work always.
Logged
matrix73
Newbie
Posts: 6
Karma: 0
Re: Rules
«
Reply #1 on:
April 12, 2020, 08:09:21 am »
This one works with pfsense, also after reboot, with opnsense does not work.
Logged
stefanpf
Jr. Member
Posts: 75
Karma: 5
Re: Rules
«
Reply #2 on:
April 12, 2020, 08:55:12 am »
I can confirm, that your example doesn't work.
As I never blocked FB before I can not confirm that this should work as you expect.
It seems to have problems with DNS round Robin, as the same technique works with 'normal' Internet sites that only have one IP per DNS record.
Logged
FingerlessGloves
Full Member
Posts: 114
Karma: 11
Re: Rules
«
Reply #3 on:
April 12, 2020, 05:41:45 pm »
When I go to facebook.com, it redirects me to
www.facebook.com
When I do a DNS lookup direct to Cloudflare or Google, doing the following "dig
www.facebook.com
@8.8.8.8", doesn't return all IPs, it only returns one then it changes a few seconds later when I request again. I don't think its an issue with OPNsense really. When websites are behide CDNs, blocking them using alias for the domain becomes tricky.
If you really want to block facebook, go to this url below, to get the IP ranges for Facebook, then create an ALIAS for Facebook Subnets based on the results.
https://developers.facebook.com/docs/sharing/webmasters/crawler
if you wanted to automate the process, maybe use this project to host a API that you can use OPNsense URL host list ALIAS type with.
https://github.com/ddimick/asn-to-ip
«
Last Edit: April 12, 2020, 05:43:52 pm by Jonny
»
Logged
Adventuring through internet pipes
My Blog
hbc
Hero Member
Posts: 501
Karma: 47
Re: Rules
«
Reply #4 on:
April 12, 2020, 10:46:30 pm »
Just use
http://asn.blawk.net/32934
as URL alias to block Facebook ASN.
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Rules