Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

Porn URLs some blocked; some not?

Follow
Avatar
Joe Sachey

Firewalla Gold running beta firmware (1.9732)

I have setup on LAN1 the following:

  • Porn Block
  • Ad Block (Strict)
  • DNS over HTTPS (using 2 custom DNS servers: CloudFare 1.1.1.3 and OpenDNS Family

i got an alert about porn activity, and when i look at the list of flows, i am seeing some flows that are blocked (some by IP filtering, some by DNS filtering), but i also see a lot that are NOT blocked, even in the same domain (sometimes the exact same URL!).  Even those that are not blocked have a category of "Porn" on them, yet STATUS is still OK?  See picture below:

 

Can anyone help me out here?

 

thanks from a concerned parent,

Joe

1

Comments

4 comments

Sort by Date Votes
  • Avatar
    Support Team

    Thanks for the feedback.

    1. xnxx[.]gold was not marked as porn in our database, and we just fixed it.

    2. The porn sites are dynamically learned from your network, so it may take up to a minute to for blocking to take effect.

    3. When using OpenDNS or CloudFlare family protect DNS in the network, these sites may be resolved to an IP owned by OpenDNS/CloudFlare. That IP will not be blocked by Firewalla and the browser should get a block page from OpenDNS/CloudFlare.

     

    We can help you double check this, please send email to help@firewalla.com if you want to.

    0
    Comment actions Permalink
  • Avatar
    Joe Sachey

    thanks for the quick reply!

    I noticed that i had set the DoH custom servers to the Security only DNS (i.e, 1.1.1.2) before i wrote the above.  Once i changed it to the Adult DNS (i.e., 1.1.1.3), then the sites were getting blocked by DNS filtering.

    What i still don't understand just yet, is why Firewalla is showing the category of "Porn" for these flows, yet is allowing them with a status of "OK", even though the Porn block is enabled?  I assumed that anything categorized as "Porn" would be blocked by the Porn Block?

    thanks for all the help!

    Joe

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Can you take a look at the blocked flows on the app? wondering if it is a display bug.

    Also, if you have DNS blockers for porn and that also return a fake IP, that may also means it was blocked, but the IP returned is not porn. 

    0
    Comment actions Permalink
  • Avatar
    Support Team

    @Joe

    Categorisation is dynamic, it depends on what the ip/domain is categorised at the moment when flows are displayed on your screen. It may not be the same category when the system decides to block/allow the flows, especially when the ip address or domain is shared. (such as CDN)

     

    I agree this causes confusion here, we'll improve it in the future.

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post