Guide

pfSense and pfBlockNG: how to block the TOR network

Objective of this guide

The purpose of this guide is to explain how to configure pfSense to block the Tor browser.

Hardware and software environment used

Tested hardware: We performed the configuration on a single hardware system as, in fact, the configuration can be replicated on any device compatible with the pfSense system. However, we recommend not using a lower power system than the system used in our tests.

Tested Corporate Firewall:
The entire Compact Small UTM line
All the Small UTM line

The software used on the appliance is pfSense® version 2.4.4-RELEASE-p3

Configuration

The TOR browser, when started, first establishes a connection with a server, with which it establishes a tunnel. Once the tunnel has been created, the user will have free access to the resources provided by the TOR network. To avoid this you need to prevent the TOR browser from connecting.

Here is the Tor connection screen:

Tor Browser

Below is a possible configuration of pfSense to block Tor:

  • First install pfBlockerNG;
  • From System->Package Manage, locate the pfBlockerNG package and by clicking on the + Install button, install it.
Tor Browser

After installation, select Firewall->pfBlockerNG and enable the “Enable/Disable” service

Tor Browser

Select the LAN in the inbound Firewall Rules, and the WANs / networks under outbound Firewall Rules

Tor Browser

Then save and then select the “IPV4” tab

Tor Browser

Click on the “+ Add” button and then configure as shown in the figure, putting the following URL in the source heading

https://unlockforus.com/pfblockerng/tor_nodes_ipv4.txt

We offer only one URL, which is reasonably effective.

In particular configured: “Alias Name“, “ipv4 Lists“, “Lists Action“, “Update Frequency

Tor Browser

Save

Tor Browser

Click on “Update“, select “Reload” and click on “Run“, then select “Update” and click on “Run“.

Tor Browser

If you launch the Tor browser it should return an error similar to this one

Tor Browser

The configuration of pfBlockerNG can be very complex; in our example it is used only to block the TOR network. To block other similar networks, it will be sufficient to find a “URL” that contains the IPs to be blocked and insert it in the configuration.

Firewall->pfBlockerNG->IPv4, in the “IPV4 lists” field.

  ti posso interessare anche