[SOLVED] Block Facebook with OPNsense

Started by klausneil, March 29, 2016, 10:10:17 PM

March 29, 2016, 10:10:17 PM Last Edit: April 01, 2016, 07:49:25 PM by klausneil
Hi, can anybody tell me how I can deny or block the page facebook.com over HTTPS? I tried configuring DNS Resolver Overrides and set the domain facebook.com to 127.0.0.1, but I can't block the page. Please help me.

Well, I found one solution:

Firewall -> Aliases -> All

Add new alias

Name: facebook
Description: Social Network 1
Type: Host(s)
Host(s): www.facebook.com

And add another line in the same rule

Name: facebook
Description: Social Network 1
Type: Host(s)
Host(s): es-la.facebook.com

Save

Now add a new firewall rule

Firewall -> Rules -> LAN -> add new rule

Action: Block
Protocol: TCP/UDP
Destination: facebook
Description: Social Network 1

Save

Well, that is all, bye!!

You can also block it by SSL certificates; take a look at this page in the documentation: https://docs.opnsense.org/manual/how-tos/ips-sslfingerprint.html
Regards


Bill

March 31, 2016, 03:29:20 AM #3 Last Edit: April 02, 2016, 12:06:12 AM by klausneil
Hi phoenix, thanks

There is another interesting way to block such traffic. If your network uses an internal DNS server that gets handed out by DHCP, then you can add an entry to the DNS server that points facebook.com, or other, to 127.0.0.1. The page will not load and they get a standard "failed to connect" error or a failed security certificate error. This works regardless of whether you are set up to examine SSH traffic or not. The page has to be resolved by DNS first, and this causes it to resolve to a non-working address.

Right, or use "Services: DNS Tools: Filter" coupled with an OpenDNS account for maximum effect.

I've tried using these suggestions but without any success.

create alias and rule to block facebook: Check
use dns override to steer to 127.0.0.1: Check
use certificate to block facebook: Check

Can anyone help? I'm using 2 VMs for OPNsense and Kali. I have a LAN connection between both, with OPNsense in WAN and Kali in LAN. I can block unpopular sites but can't block Facebook.
It's me, Jon
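
A way to check, from a LAN client, whether the DNS override discussed in this thread takes effect for each hostname. This is an added example, not part of any post above; `audit_override` and `constructed_resolver` are hypothetical names, and the resolver answers (including 203.0.113.10) are constructed sample data.

```python
import socket

SINKHOLE = {"127.0.0.1"}  # override target used in the thread

def system_resolve(name):
    """Ask the OS resolver (the DNS server handed out by DHCP) for addresses."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def audit_override(names, resolve=system_resolve, sinkhole=SINKHOLE):
    """Map each name to (status, addresses).

    sinkholed: every answer is the override address
    leaks:     at least one real address came back, so the client can connect
    no-answer: resolution failed
    """
    report = {}
    for name in names:
        addrs = set(resolve(name))
        if not addrs:
            report[name] = ("no-answer", [])
        elif addrs <= sinkhole:
            report[name] = ("sinkholed", sorted(addrs))
        else:
            report[name] = ("leaks", sorted(addrs - sinkhole))
    return report

# Hostnames taken from the thread.
NAMES = ["facebook.com", "www.facebook.com", "es-la.facebook.com"]

# Constructed answers (not captured data): a resolver where only the bare
# domain is overridden and one subdomain still gets a real-looking address
# (203.0.113.10 is from the documentation range).
CONSTRUCTED = {"facebook.com": {"127.0.0.1"}, "www.facebook.com": {"203.0.113.10"}}

def constructed_resolver(name):
    return CONSTRUCTED.get(name, set())

if __name__ == "__main__":
    # Swap in resolve=system_resolve to test the live resolver on the client.
    for name, (status, addrs) in audit_override(NAMES, constructed_resolver).items():
        print(f"{name:22} {status:10} {', '.join(addrs)}")
```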