Setup Pfsense To Block TikTok


Overview

TikTok is a Chinese video-sharing social networking service owned by ByteDance, a Beijing-based internet technology company.

important

ByteDance's founder and CEO Zhang Yiming issued a letter in 2018 stating that his company would "further deepen cooperation" with Communist Party of China authorities to promote their policies. Source

Do you really want to expose yourself (or your family) to the Chinese Communist Party?

Let's block TikTok in Pfsense.

Install pfBlockerNG in Pfsense

To block TikTok, we need to install the pfBlockerNG package in Pfsense.

  • Pfsense, System, Package, Available Packages, search pfblockerng, select install

Add TikTok domains to be blocked

  • Pfsense, Firewall, pfBlockerNG, select DNSBL tab, under DNSBL Feeds sub-tab:
    • Click on Add
    • Under DNS Group name: block_tik_tok (or whatever name you want)
    • Under List Action: select Unbound
    • Under Custom Block List, select + (plus) icon to expand the dropdown to enter your domains
    • Below is a list of domains that I've identified by looking at the TikTok DNS entries on my firewall.
      • I've separated them into groups, per domain, to make it easier to find.
      • When you'll be pasting, you can paste them all at once.

Enable pfBlockerNG in Pfsense

  • Pfsense, Firewall, pfBlockerNG, select DNSBL tab, under DNSBL sub-tab:
    • Under Enable DNSBL, Turn on
  • Pfsense, Firewall, pfBlockerNG, select Update tab
    • Select Run
  • Pfsense, Firewall, pfBlockerNG, select General tab
    • Under Enable pfBlockerNG, select Enable
    • Under Kill states, select When enabled...
    • Press Save
  • Pfsense, Status, Services
    • Under Dnsbl, select Restart Service action

Test to verify Pfsense is blocking TikTok

  • On your computer, go to tiktok.com and you'll see a blank page. This means it worked.
  • On your mobile, you'll still be able to open the TikTok application, but none of the videos will play. This means it worked.

Limitations with using Pfsense to block TikTok

note

While you can use Pfsense and pfBlockerNG to block domains, it's not my preferred solution. Since pfBlockerNG doesn't block subdomains with a wildcard, you have to manually list each domain to be blocked. So if TikTok changes domains, your blacklist will start to become obsolete. Then you'll have to use DNS to figure out which domains are new and then re-add them to pfBlockerNG. Over time, this becomes a hassle.

  • My recommendation is to switch to Pihole, since Pihole allows wildcard domains to be blocked, not to mention it's a much more capable blocking system. Link to my article
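The maintenance step described in the note above (using DNS to find names the exact-match list has started to miss) can be scripted. This is an added example, not part of the original article or of pfBlockerNG: it assumes the resolver's query log uses Unbound's `info: <client> <name>. <type> IN` line shape, and the function names, sample hostnames and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed Unbound query-log shape (query logging enabled):
#   [epoch] unbound[pid:thread] info: <client-ip> <qname>. <qtype> IN
QUERY_RE = re.compile(r"info: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>[A-Z0-9]+) IN$")

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def unlisted_subdomains(log_lines, blocklist, parents):
    """Count queried names under a watched parent that the exact-match list misses."""
    listed = {normalize(d) for d in blocklist}
    watched = [normalize(p) for p in parents]
    hits = Counter()
    for line in log_lines:
        m = QUERY_RE.search(line.strip())
        if not m:
            continue  # not a query line
        qname = normalize(m.group("qname"))
        if qname in listed:
            continue  # already covered by the custom block list
        # Match on a label boundary so look-alikes such as nottiktok.com are ignored.
        if any(qname == p or qname.endswith("." + p) for p in watched):
            hits[qname] += 1
    return hits

# Constructed sample data: the "constructed-*" hostnames and all log lines are made up.
BLOCKLIST = ["tiktok.com", "www.tiktok.com"]
PARENTS = ["tiktok.com"]
SAMPLE_LOG = """\
[1700000000] unbound[4242:0] info: 192.168.1.23 www.tiktok.com. A IN
[1700000001] unbound[4242:0] info: 192.168.1.23 constructed-edge1.tiktok.com. A IN
[1700000002] unbound[4242:1] info: 192.168.1.40 Constructed-Edge1.TikTok.com. AAAA IN
[1700000003] unbound[4242:0] info: 192.168.1.23 nottiktok.com. A IN
[1700000004] unbound[4242:0] info: 192.168.1.23 tiktok.com.example.net. A IN
[1700000005] unbound[4242:0] info: 192.168.1.40 constructed-edge2.tiktok.com. HTTPS IN
[1700000006] unbound[4242:0] info: constructed non-query status line
""".splitlines()

if __name__ == "__main__":
    for name, count in unlisted_subdomains(SAMPLE_LOG, BLOCKLIST, PARENTS).most_common():
        print(f"{count:3d}  {name}")
```

Names it reports are candidates to add to the custom block list; on the sample data the two constructed subdomains are flagged, while the already-listed name and the two look-alikes are not.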

Conclusion