Alias and firewall rules - Blocking TOR....

Started by lar.hed, July 07, 2020, 05:00:32 PM

So I am kind of new to OPNsense - but I have been around, but I am a newbie...

Anyway, I decided to block all TOR nodes. There is a great list of all IPs at:
https://check.torproject.org/torbulkexitlist

I defined an Alias "Block_TOR" - which I guess downloads this list if I enter that URL in the "Content" box? Or how does that work?

And then I defined two firewall rules, block, in and out, on the WAN interface (since that is the gateway, although I actually do use a failover so I have WAN and WANBACKUP - not sure how to solve that though...).

I then save and apply, then I open a new web browser and enter a randomly selected IP from the list from the URL above, say 185.220.100.243 - and I kind of expected that nothing should work.

However I get a nice web page back...

What am I doing wrong here? I am for sure missing something - but so far I can not understand why it is not blocked?

PS! Why block TOR nodes? Good question, and my thoughts are something like: If someone manages to hack say a local news site and publishes something that tries to download something over TOR I simply like to have that blocked - I do not need TOR, nor have I ever needed it - so blocking it should work just fine for me. However I know for sure it is not for everyone. DS!

Okay since I got no response, for the next person that stumbles onto this:

Defining an alias does not mean it will block what's inside the alias list - for that to happen one needs to add a firewall rule that applies that alias in a rule. I would recommend that one, for my example and block countries, adds the needed rules as floating rules, so they apply everywhere. I have so far added four rules, source or destination for block_tor and block_countries. Hope this helps anyone else that is a beginner like me :-)
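
A way to check both points from the firewall's shell, as an added example that is not part of the original thread: whether the alias actually holds addresses, and whether any loaded block rule refers to it. It assumes the alias is loaded as a pf table with the same name as the alias; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, meant to be run as root on the firewall's shell.
# Assumption: the alias is loaded as a pf table with the same name.

# Count the addresses currently loaded in the table behind an alias.
alias_entry_count() {
    pfctl -t "$1" -T show 2>/dev/null | grep -c . || true
}

# Print the loaded block rules that use the alias as source or destination.
alias_block_rules() {
    pfctl -sr 2>/dev/null | grep '^block' | grep -F "<$1>" || true
}

# empty    = no addresses loaded (list not fetched, or no such table)
# unused   = addresses loaded, but no block rule refers to the alias
# enforced = addresses loaded and at least one block rule refers to it
alias_status() {
    count=$(alias_entry_count "$1")
    if [ "${count:-0}" -eq 0 ]; then
        echo empty
        return 1
    fi
    if [ -z "$(alias_block_rules "$1")" ]; then
        echo unused
        return 1
    fi
    echo enforced
}

# Usage: sh check_alias.sh Block_TOR
if [ "$#" -gt 0 ]; then
    alias_status "$1"
fi
```

A result of "unused" is the situation described in the post above: the list is there, but nothing blocks on it.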

Quote from: lar.hed on July 07, 2020, 05:00:32 PM
Anyway, I decided to block all TOR nodes. There is a great list of all IPs at:
https://check.torproject.org/torbulkexitlist

Thanks for the Tor-List @lar.hed