{"id":19329,"date":"2019-10-28T14:39:06","date_gmt":"2019-10-28T14:39:06","guid":{"rendered":"http:\/\/www.firewallhardware.it\/pfsense-e-pfblockng-come-bloccare-la-rete-tor\/"},"modified":"2019-12-27T11:13:58","modified_gmt":"2019-12-27T11:13:58","slug":"pfsense-and-pfblockng-how-to-block-the-tor-network","status":"publish","type":"post","link":"https:\/\/blog.miniserver.it\/en\/pfsense\/pfsense-and-pfblockng-how-to-block-the-tor-network\/","title":{"rendered":"pfSense and pfBlockNG: how to block the TOR network"},"content":{"rendered":"<p>[vc_row css=&#8221;.vc_custom_1574787156445{margin-top: 30px !important;}&#8221;]<\/p>\n<h3 style=\"color: #00a0df; font-size: 20px; text-align: left;\">Objective of this guide<\/h3>\n<p>[vc_separator css=&#8221;.vc_custom_1574787126205{margin-top: -20px !important;}&#8221;]The purpose of this guide is to explain how to <strong>configure pfSense<\/strong> to block the <strong>Tor browser<\/strong>.JTVCYWRyb3RhdGUlMjBiYW5uZXIlM0QlMjIzJTIyJTVE<\/p>\n<h3 style=\"color: #00a0df; font-size: 20px; text-align: left;\">Hardware and software environment used<\/h3>\n<p>[vc_separator css=&#8221;.vc_custom_1574787126205{margin-top: -20px !important;}&#8221;]Tested hardware: We performed the configuration on a single hardware system as, in fact, the configuration can be replicated on any device compatible with the <strong>pfSense<\/strong> system. However, we recommend not using a lower power system than the system used in our tests.<\/p>\n<p><strong>Tested Corporate Firewall:<\/strong><br \/>\nThe entire <u><a href=\"https:\/\/www.miniserver.it\/firewall\/corporate\/compact-small-utm-3\" target=\"_blank\" rel=\"noopener noreferrer\">Compact Small UTM<\/a><\/u> line<br \/>\nAll the <u><a href=\"https:\/\/www.miniserver.it\/firewall\" target=\"_blank\" rel=\"noopener noreferrer\">Small UTM<\/a><\/u> line<\/p>\n<p>The <strong>software used<\/strong> on the appliance is <strong>pfSense\u00ae<\/strong> version <strong>2.4.4-RELEASE-p3<\/strong><\/p>\n<h3 style=\"color: #00a0df; font-size: 20px; text-align: left;\">Configuration<\/h3>\n<p>[vc_separator css=&#8221;.vc_custom_1574787126205{margin-top: -20px !important;}&#8221;]The <strong>TOR browser<\/strong>, when started, first establishes a connection with a server, with which it establishes a tunnel. Once the tunnel has been created, the user will have free access to the resources provided by the TOR network. To avoid this you need to prevent the <strong>TOR browser<\/strong> from connecting.<\/p>\n<p>Here is the Tor connection screen:[vc_single_image image=&#8221;18739&#8243; img_size=&#8221;full&#8221; onclick=&#8221;link_image&#8221;]Below is a possible configuration of <strong>pfSense<\/strong> to block Tor:<\/p>\n<ul>\n<li>First <strong>install pfBlockerNG<\/strong>;<\/li>\n<li>From <strong>System<\/strong>-&gt;<strong>Package Manage<\/strong>, locate the pfBlockerNG package and by clicking on the + Install button, install it.<\/li>\n<\/ul>\n<p>[vc_single_image image=&#8221;18741&#8243; img_size=&#8221;full&#8221; onclick=&#8221;link_image&#8221;]After installation, select <strong>Firewall<\/strong>-&gt;<strong>pfBlockerNG<\/strong> and enable the &#8220;<strong>Enable\/Disable<\/strong>&#8221; service[vc_single_image image=&#8221;18743&#8243; img_size=&#8221;full&#8221; onclick=&#8221;link_image&#8221;]Select the LAN in the inbound Firewall Rules, and the WANs \/ networks under outbound Firewall Rules[vc_single_image image=&#8221;18745&#8243; img_size=&#8221;full&#8221; onclick=&#8221;link_image&#8221;]Then save and then select the &#8220;<strong>IPV4<\/strong>&#8221; tab[vc_single_image image=&#8221;18747&#8243; img_size=&#8221;full&#8221; onclick=&#8221;link_image&#8221;]Click on the &#8220;<strong>+ Add<\/strong>&#8221; button and then configure as shown in the figure, putting the following URL in the source heading<\/p>\n<p><a href=\"https:\/\/unlockforus.com\/pfblockerng\/tor_nodes_ipv4.txt\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/unlockforus.com\/pfblockerng\/tor_nodes_ipv4.txt<\/a><\/p>\n<p>We offer only one URL, which is reasonably effective.<\/p>\n<p>In particular configured: &#8220;<strong>Alias Name<\/strong>&#8220;, &#8220;<strong>ipv4 Lists<\/strong>&#8220;, &#8220;<strong>Lists Action<\/strong>&#8220;, &#8220;<strong>Update Frequency<\/strong>&#8220;[vc_single_image image=&#8221;18749&#8243; img_size=&#8221;full&#8221; onclick=&#8221;link_image&#8221;]Save[vc_single_image image=&#8221;18751&#8243; img_size=&#8221;full&#8221; onclick=&#8221;link_image&#8221;]Click on &#8220;<strong>Update<\/strong>&#8220;, select &#8220;<strong>Reload<\/strong>&#8221; and click on &#8220;<strong>Run<\/strong>&#8220;, then select &#8220;<strong>Update<\/strong>&#8221; and click on &#8220;<strong>Run<\/strong>&#8220;.[vc_single_image image=&#8221;18753&#8243; img_size=&#8221;full&#8221; onclick=&#8221;link_image&#8221;]If you launch the <strong>Tor browser<\/strong> it should return an error similar to this one[vc_single_image image=&#8221;18755&#8243; img_size=&#8221;full&#8221; onclick=&#8221;link_image&#8221;]The <strong>configuration of pfBlockerNG<\/strong> can be very complex; in our example it is used only to <strong>block the TOR network<\/strong>. To block other similar networks, it will be sufficient to find a &#8220;<strong>URL<\/strong>&#8221; that contains the IPs to be blocked and insert it in the configuration.<\/p>\n<p><strong>Firewall<\/strong>-&gt;<strong>pfBlockerNG<\/strong>-&gt;<strong>IPv4<\/strong>, in the &#8220;<strong>IPV4 lists<\/strong>&#8221; field.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Se alcuni utenti aggirano il Vostro sistema di controllo di navigazione tramite un brouser TOR, con pfsense \u00e8 possibile inibire l\u2019utilizzo di tale tecnologia.<\/p>\n","protected":false},"author":11,"featured_media":25205,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[124],"tags":[265,138],"class_list":["post-19329","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pfsense","tag-firewall-en-2","tag-pfsense-en"],"_links":{"self":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts\/19329","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/comments?post=19329"}],"version-history":[{"count":3,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts\/19329\/revisions"}],"predecessor-version":[{"id":19332,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/posts\/19329\/revisions\/19332"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/media\/25205"}],"wp:attachment":[{"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/media?parent=19329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/categories?post=19329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.miniserver.it\/en\/wp-json\/wp\/v2\/tags?post=19329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}