How does Firewalla block domains?
A domain is something like "firewalla.com". Firewalla uses two methods to block such a domain on your network:
- Resolve the domain to IP addresses, and block the IP addresses.
- Block the DNS lookup of firewalla.com so the IP address for firewalla.com is not resolved.
When you create a rule to block a domain, Firewalla offers two Block Modes:
Default (IP-based):
- Multiple domains may be hosted on the same IP, so blocking one IP may block other sites.
- These blocks are immediate and will block even a video that has already started.
Domain Only:
- Because operating systems cache DNS entries, it may take a while for the block to take effect.
- If a stream has already started, there is no way to stop it (when blocking the YouTube app, for example).
Why may blocking one domain block other domains?
Here is an example of how Firewalla Default Domain Block can affect other domains. In this example, we blocked tiktokv.com (one of the video domains used by TikTok) using the Default Blocking method, and this will cause slickdeals.net (a deals site) to be blocked. Here is why:
When blocking tiktokv.com using Default (IP-based) Blocking, all of the following sites will be blocked:
Now let's look at api-va.tiktokv.com
pi@firewalla:~ () $ nslookup api-va.tiktokv.com
api-va.tiktokv.com canonical name = api-va.tiktokv.com.edgekey.net.
api-va.tiktokv.com.edgekey.net canonical name = e28622.a.akamaiedge.net.
api-va.tiktokv.com is associated with the IP addresses 220.127.116.11 and 18.104.22.168, and under the Default Blocking mode both IP addresses are blocked. If you look up slickdeals.net, it turns out to resolve to 22.214.171.124 as well.
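The overlap described above, modelled as an added example (not Firewalla's code): the DNS table uses constructed documentation-range addresses rather than the real records, and all function names are hypothetical. It also models the Domain Only caveat that a client holding a cached address is unaffected until that entry expires.

```python
"""Model of the two block modes on constructed DNS data (no network access)."""

# Constructed resolver table: documentation-range placeholder addresses,
# not the real records for these domains.
DNS = {
    "api-va.tiktokv.com": {"192.0.2.10", "192.0.2.11"},
    "slickdeals.net": {"192.0.2.11"},  # shares one CDN edge address
    "firewalla.com": {"198.51.100.7"},
}

def matches(domain, blocked):
    """True if domain is the blocked name or one of its subdomains."""
    return domain == blocked or domain.endswith("." + blocked)

def ip_blocklist(blocked, dns=DNS):
    """IP-based mode: every address that any matching name resolves to."""
    ips = set()
    for name, addrs in dns.items():
        if matches(name, blocked):
            ips |= addrs
    return ips

def collateral(blocked, dns=DNS):
    """Domains outside the rule that share at least one blocked address."""
    ips = ip_blocklist(blocked, dns)
    return {name: sorted(addrs & ips) for name, addrs in dns.items()
            if not matches(name, blocked) and addrs & ips}

def reachable(domain, blocked, mode, client_cache=None, dns=DNS):
    """Can a client still connect to `domain` while the rule is active?

    mode "ip":     traffic is dropped when the destination address is blocked.
    mode "domain": only the DNS lookup is refused; an address already in the
                   client's cache stays usable until the entry expires.
    """
    cache = client_cache or {}
    if mode == "ip":
        addrs = cache.get(domain) or dns.get(domain, set())
        return bool(addrs - ip_blocklist(blocked, dns))
    if mode == "domain":
        if domain in cache:
            return True
        return not matches(domain, blocked) and domain in dns
    raise ValueError(f"unknown mode: {mode}")
```
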
How to debug this issue?
The Rule Diagnostic tool helps you to look for rules that block your device from accessing certain sites.
For example, if you are having trouble accessing the site "slickdeals.net" on your iPhone:
- Tap on Rules -> the top right corner "…" -> Diagnostics.
- Type in the site you can't access - "slickdeals.net"
- Select the device you are having the issue with - "Jerry-iPhone"
Here you will find that blocking TikTok also blocks slickdeals.net.
If you see problems like this happening, you can tap on this rule and change the blocking mode to "Domain Only".