Objective
Block any traffic related to an organization by its Autonomous System Number (ASN), using the pfSense plugin pfBlockerNG.
Prerequisites
- pfBlockerNG installed and enabled.
- Any Netgate appliance / pfSense virtual machine.
Steps
Step 1: Create an ASN IPv4 Alias
Navigate to Firewall > pfBlockerNG > IPv4
Click on +Add to create a new alias.
Fill in the following fields:
Alias Name: ASN_Lists
List Description: ASNs to be blocked
Format: whois
State: ON
Source: AS32934
Label: Facebook
Ensure Deny Both is selected as the List Action.
Note: Multiple ASNs can be added by simply clicking on the +Add button right below the IPv4 Lists row.
Click on Save to save your changes.
Step 2: Update the List
Navigate to the Update tab.
Select Update and then All. A window shows the number of prefixes belonging to the ASN as they are loaded into the alias.
A firewall rule will be created automatically under the WAN interface.
Step 3: Validate the Rules
Ensure that a machine / device is connected locally within the same network as the pfSense unit.
In this case, since the Facebook ASN has been blocked, browse to the Facebook website from that machine to confirm that the rules are working; the site should fail to load.
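A browser test only shows that one hostname failed. The added example below (not part of the original guide or of pfBlockerNG) expands an ASN into IPv4 prefixes from whois-style route objects and checks whether a destination address falls inside them. The sample text, AS64500, AS64511 and the prefixes are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the style of whois route objects. The ASNs and
# prefixes are reserved documentation values, not data for a real organization.
SAMPLE_WHOIS = """\
route:      192.0.2.0/24
descr:      constructed example
origin:     AS64500

route:      198.51.100.0/25
origin:     AS64500

route:      198.51.100.128/25
origin:     AS64500

route:      203.0.113.0/24
origin:     AS64511

route6:     2001:db8::/32
origin:     AS64500
"""

def prefixes_for_asn(whois_text, asn):
    """Return the collapsed IPv4 networks whose route object has this origin."""
    nets, current = [], None
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "route":
            current = value                 # IPv4 route object starts
        elif key == "route6" or not line.strip():
            current = None                  # IPv6 object or end of object
        elif key == "origin" and current and value.upper() == asn.upper():
            nets.append(ipaddress.ip_network(current, strict=False))
            current = None
    # Merge adjacent prefixes so the list matches what a firewall table needs.
    return list(ipaddress.collapse_addresses(nets))

def covered(ip, networks):
    """True if the address falls inside any of the networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)

if __name__ == "__main__":
    blocked = prefixes_for_asn(SAMPLE_WHOIS, "AS64500")
    for ip in ("198.51.100.200", "203.0.113.5"):
        print(ip, "blocked" if covered(ip, blocked) else "not in alias")
```

Replace the sample text with the route objects for the ASN entered in Step 1, then check the addresses that the site's hostnames resolve to on the test machine.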