zenarmor blocking

Started by ozlecz, September 04, 2024, 08:21:06 PM

Trying Zenarmor blocking with the free version via App Control

>>Under App Control > Social Network > down to the Facebook section: ALLOWING Facebook but BLOCKING all the 18 subsections of Facebook won't block anything (i.e. photos, videos, etc.)
>>On the other hand, blocking Facebook works

Was it because it's the free edition, or does it really not work as expected?

Facebook and other streaming tools are using the QUIC protocol as well. Please block QUIC in the Media Streaming category, then try again.

QUIC is an alternative and the first choice for applications because it works over UDP and is faster than TCP. So they run with QUIC and, if it doesn't work, connect via TCP - TLS. So your other application traffic will go over TCP - TLS instead of UDP TLS. But all Facebook IPs and domains will be blocked and Facebook will not work.

Could you block "Quic UDP Connection" from the menu below and try again?
Zenarmor - policies - app-controls - Media Streaming › Quic UDP Connection

Hi,
I blocked that QUIC, and all the Facebook xxx, except FACEBOOK itself, but still I don't see anything blocked...

If you want to block certain areas of Facebook, such as Facebook Like, Facebook Message, or facebook.comment, you can do this with Full TLS inspection. This is not possible in the free version.

You can completely block Facebook in the free version.

You can check out the link below for licenses and their comparisons.

https://www.zenarmor.com/plans

I've tried blocking Facebook and YouTube by
- blocking all the YouTube-related entries under Media Streaming
- blocking all the Facebook-related entries under Social Networks

It worked for some time, like 10 min, but without doing anything, the pages started opening... weird

FYI, update: deleted cached images/files on the laptop. Switched off both OPNsense/laptop and switched both ON after 4 hours, and so far everything works as it should.

Will observe this further and will update this ticket in a few days' time

Thanks for the update.

If you need further assistance, you can create a ticket using the link below.

https://www.zenarmor.com/docs/support/reporting-bug

FYI

After about 6 hours and without changing anything on the Zenarmor policy:
Facebook remains blocked
YouTube resumed working.


Update:

I built a new system with an i3 9100 with Intel i226 NICs

Facebook remains blocked, but YouTube behavior remains the same. I've even set the web control to Moderate.

If you watch the live sessions, you'll probably find that Google has a million domains. You'll need to find those that need to be blocked, and hope for the best. With Google it's kind of like the game Whack-a-Mole.


Sir, I am not trying to block Google... I am trying YouTube and just following the Zenarmor doc below

https://www.zenarmor.com/docs/network-security-tutorials/how-to-block-youtube-on-opnsense

Youtube is a part of Google.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on September 09, 2024, 04:41:45 PM
Youtube is a part of Google.

So what is missing in this documentation from Zenarmor?

Quote from: ozlecz on September 09, 2024, 03:51:35 PM

Sir, I am not trying to block Google... I am trying YouTube and just following the Zenarmor doc below

https://www.zenarmor.com/docs/network-security-tutorials/how-to-block-youtube-on-opnsense

Sorry, this is supposed to be the documentation from Zenarmor I was referring to in my previous post

Pull up a live monitor in one tab, then go to YouTube and watch the different URLs stream by that it is using. Close the YouTube tab and go back to the live monitor tab. Scroll through the list and start blocking things that have slipped through.

As I said, there is no one size fits all in this game; you need to be an active player to follow the clues where they lead. When enough stuff gets blocked, Google will find another way through because they make money off the ads. It's a constant game of finding the next hole and plugging it. That's what this is.

If you don't want to play this game, I'd suggest buying the paid version and let them play the game for you and update stuff as they see fit. But also remember that often you need to tell them XYZ.ABC is getting through because they can't possibly know every single address on their own.

The reverse is also true. If you have a service that you want, and it's getting blocked, you'll need to look at the live monitor, find the blocked parts of the service, and allow them in. You may need to do this several times to catch everything. Adobe products use far too many addresses for real functions and hide their tracking in those same sites so you can't block their tracking and still have a functioning application.