How to block every DNS Request on any Protocol and Port

Started by randyrandom, August 26, 2022, 09:14:06 PM

Quote from: randyrandom on September 03, 2022, 11:11:44 AM
I'm trying to block everything I mentioned in my first post.

Right. Which included "and so on".

In any event, your list is so expansive as to effectively cover a large and hugely diverse range of applications and services, which is why I was asking for something more along the lines of a categorization or generalization that might be applicable.

Even just looking at your specific huge list, you do realise that these sorts of Internet giants are spinning up new IP addresses daily as they deploy and expand their networks.

September 04, 2022, 03:50:38 PM #16 Last Edit: September 04, 2022, 05:00:01 PM by randyrandom
Yes, I know.

But for now, I have a solution for me.

I tried this: https://www.allthingstech.ch/using-opnsense-and-ip-blocklists-to-block-malicious-traffic last week, but it didn't work for me, because I made a mistake. It seems OPNsense didn't accept 12.9.69.72/29, for example. It only accepts IPs.

So I created a small VM with Debian on my server. A cronjob now runs there every 15 minutes which runs https://github.com/NetSPI/NetblockTool

For example: python3 NetblockTool.py -v Facebook -s -4

Which will get you all IPs (v4, because v6 is deactivated anyway) which belong to Facebook and its subsidiaries.

In my case:

[*] Getting subsidiary information for Facebook
  [*] Gathering company information for Facebook from EDGAR database
  [*] Gathering company documents for Facebook from EDGAR database
    [*] Status: 1/5
    [*] Status: 2/5
    [*] Status: 3/5
    [*] Status: 4/5
    [*] Status: 5/5
  [*] Removed companies with no document information, 1/5 remain
  [*] Getting list of Facebook subsidiaries
    [*] Searching filings for EX-21 documents
      [*] Found: https://www.sec.gov/Archives/edgar/data/1326801/000132680122000018/0001326801-22-000018-index.htm
    [*] Downloading EX-21 document
      [*] Found: https://www.sec.gov/Archives/edgar/data/1326801/000132680122000018/fb-12312021x10kexhibit211.htm
    [*] Parsing subsidiaries
  [*] Found 26 subsidiaries
    [*] Cassin Networks ApS
    [*] Edge Network Services Limited
    [*] FCL Tech Limited
    [*] Facebook Holdings LLC
    [*] Facebook Operations LLC
    [*] Facebook Payments Inc
    [*] Facebook Technologies LLC
    [*] Facebook UK Limited
    [*] Greater Kudu LLC
    [*] Hibiscus Properties LLC
    [*] Instagram LLC
    [*] META PLATFORMS INC
    [*] Meta Platforms Ireland Limited
    [*] Morning Hornet LLC
    [*] Novi Financial Inc
    [*] Pinnacle Sweden AB
    [*] Raven Northbrook LLC
    [*] Runways Information Services Limited
    [*] Scout Development LLC
    [*] Siculus Inc
    [*] Sidecat LLC
    [*] Stadion LLC
    [*] Starbelt LLC
    [*] Vitesse LLC
    [*] WhatsApp LLC
    [*] Winner LLC

The result you get is a CSV file with all IP ranges. Then I found this: https://stackoverflow.com/questions/16986879/bash-script-to-list-all-ips-in-prefix

With that I can calculate all IPs from these ranges with ./script -i input.txt > output.txt.

The output.txt is on a local nginx server and my OPNsense loads that.

And this seems to work. I have now had Live View open for ~1 hour and can see how WhatsApp tries to connect to thousands of different IPs every second (and in the app it still tries to send/receive the messages). Without that blocklist (only Zenarmor), it tries for ~10 minutes too, and after that time it succeeded and found a connection which works. Not any more :-)

Next week I'll write a script to automate that and to create cronjobs for the other services like Microsoft, Amazon and others too.

And I need to find out why I can't redirect all DNS requests to my Pi-hole without it looping endlessly.
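The expansion step in the post above (turn a list of CIDR prefixes into one address per line so the firewall can load it as a plain IP list) is the part most likely to go wrong silently, so here is an added example of that step. It is not the poster's script and not NetblockTool's code; it assumes the input is a text file with one prefix or address per line (the poster's CSV would need its prefix column extracted first, which is an assumption about that format), skips IPv6 the way the poster's setup does, drops malformed lines instead of aborting the whole blocklist, deduplicates overlapping ranges, and refuses to expand a prefix larger than a configurable limit so a stray /8 cannot turn the alias into millions of lines. The sample prefixes are constructed documentation ranges, not real Facebook addresses.

```python
"""Expand CIDR prefixes into single IPv4 addresses for a firewall IP list.

Added example; not the poster's script and not NetblockTool's code.
"""
import ipaddress
import sys

# Constructed sample input: the kind of prefix list the poster feeds to the
# expansion script. Documentation ranges only; nothing here is a real target.
SAMPLE_PREFIXES = """\
# comments and blank lines are ignored
192.0.2.0/29
192.0.2.4/30        # overlaps the /29 above, must not produce duplicates
198.51.100.8/30
203.0.113.7         # bare address, treated as a /32
2001:db8::/32       # IPv6, skipped when v4_only=True
not-a-prefix        # malformed, skipped with a warning
"""

# Assumption: anything bigger than a /16 is almost certainly a mistake in the
# input rather than something you want as 65k+ separate alias entries.
MAX_PREFIX_HOSTS = 65536


def parse_prefixes(text):
    """Return the valid ip_network objects found in text, in file order.

    Malformed lines are reported on stderr and skipped, so one bad line
    does not empty the whole blocklist.
    """
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        try:
            # strict=False accepts host bits set, e.g. 203.0.113.7/29
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            print(f"line {lineno}: skipping malformed entry {line!r}", file=sys.stderr)
    return nets


def expand(nets, v4_only=True, max_hosts=MAX_PREFIX_HOSTS):
    """Expand networks into a deduplicated list of address strings.

    Raises ValueError instead of silently emitting a huge list when a prefix
    exceeds max_hosts addresses.
    """
    seen = set()
    out = []
    for net in nets:
        if v4_only and net.version != 4:
            continue
        if net.num_addresses > max_hosts:
            raise ValueError(
                f"{net} has {net.num_addresses} addresses, above the limit of {max_hosts}"
            )
        # Iterating a network yields every address, network and broadcast included,
        # which is what a blocklist wants.
        for addr in net:
            s = str(addr)
            if s not in seen:
                seen.add(s)
                out.append(s)
    return out


def build_blocklist(text, v4_only=True, max_hosts=MAX_PREFIX_HOSTS):
    """Convenience wrapper: prefix text in, newline-joined address list out."""
    return "\n".join(expand(parse_prefixes(text), v4_only, max_hosts)) + "\n"


if __name__ == "__main__":
    # Usage: python3 expand_prefixes.py input.txt > output.txt
    # With no argument the constructed sample is expanded instead.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PREFIXES
    sys.stdout.write(build_blocklist(source))
```

The size guard is the design choice worth keeping: the per-address approach the post describes multiplies a /29 into 8 lines and a /16 into 65,536, so a limit that fails loudly is safer than a cron job that quietly writes a multi-gigabyte file for nginx to serve.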