
pfSense firewall fighting against Xiaomi

05.Jan.2017 — Julio

I have a Qotom mini-PC at home and installed pfSense 2.3 on it. It was fun to install Squid Proxy Server, DHCP Server, pfBlockerNG, OpenVPN and more.

In my home there are many devices that need internet. I count more than 20: Kindles, iPad, iPhone, Android smartphones, laptops, webcams, tablets and game consoles.

I like to review all my internet traffic and see where those devices connect to, so I get all the information from Squid Proxy Reports.

I saw that a Xiaomi Redmi Note 3 smartphone makes a lot of connections to the following hosts:

  • data.mistat.xiaomi.com
  • api.ad.xiaomi.com
  • o2o.api.xiaomi.com
  • resolver.msg.xiaomi.net
  • wallpaper.pandora.xiaomi.com
  • api.chat.xiaomi.net
  • abtest.mistat.xiaomi.com
  • sdkconfig.ad.xiaomi.com
  • file.market.xiaomi.com

stats

Trying to block Xiaomi

I can't stand this:

  • I hate businesses collecting data without asking or notifying me.
  • My kid can use the mobile phone for whatever purpose he wants.
  • I know that the mobile phone could transmit data to Xiaomi again when it gets connected to another wifi. But I'm going to try to prevent it on my wifi.
  • I know too that I can't know which communications occur while the mobile is on 3G or 4G.
  • I know that perhaps these transmissions are just asking whether it needs any updates. In that case, I don't think it is the right way to do it.

First round

I made an alias that collects all those hosts. I checked that Xiaomi's DNS uses Amazon Web Services, so the IPs are variable.

alias

First I created a firewall rule on LAN that blocks that alias. I saw it didn't work, so I put it in Floating Rules.

rule1
rule2

--

I checked that if I try to browse to any of those hosts I get a message informing me that the site is blocked. So I thought pfSense was working as desired.

blocked

But I was wrong. Here you can see more connections.

try1

Second round

I needed help, so I wrote a post on Reddit and another one on the pfSense forum. ~~Only on Reddit did I get some answers~~ so I made some changes suggested by helpful people.

I checked the "Quick" option on the rule, so if any packet matches this one, pfSense stops evaluating any further rules.

try1

Fail or success? Failed.

try1

Connections at 05h or 06h while we are all sleeping? Damn!

Checking the Xiaomi smartphone

While I was doing all these tasks in pfSense I made some privacy changes on the Xiaomi Redmi Note 3. Here is the current state:

  • User Experience program disabled.
  • Send diagnostics automatically disabled.
  • Personalized Ads disabled.

xiaomi1
xiaomi1

Solution

Perhaps Squid Proxy Reports records connection requests even though they are blocked by pfSense rules. Would that explain the roughly 4 KB in every connection to Xiaomi servers?
I don't know.

But finally I got the solution from the pfSense forum, great comments.

Do not use rules for blocking sites. Use DNS Overrides.

I added this to my DNS Resolver service.

solution
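As an added example (not part of the original post, and not pfSense's own code), the following script reproduces the two steps of this write-up: it reads Squid's native access.log, summarises requests and bytes per Xiaomi host, and emits unbound `local-data` lines that pin those hosts to a sink address, which is what a DNS Resolver host override does. The log lines are constructed, and the `0.0.0.0` sink address is an assumption; the Host Overrides form in pfSense takes the same host and address per entry.

```python
import re
from collections import defaultdict

# Constructed sample of Squid native access.log lines:
# timestamp elapsed client code/status bytes method URL rfc931 peer/host type
SAMPLE_LOG = """\
1483592401.123    212 192.168.1.50 TCP_MISS/200 4096 GET http://data.mistat.xiaomi.com/mistats/v2 - HIER_DIRECT/52.74.1.1 application/octet-stream
1483592402.456    180 192.168.1.50 TCP_MISS/200 4112 POST http://api.ad.xiaomi.com/post/v3 - HIER_DIRECT/52.74.1.2 application/json
1483592403.789     95 192.168.1.50 TCP_MISS/200 3980 GET http://sdkconfig.ad.xiaomi.com/api/checkupdate - HIER_DIRECT/52.74.1.3 application/json
1483592404.012     40 192.168.1.51 TCP_MISS/200 15320 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html
1483592405.345    200 192.168.1.50 TCP_MISS/200 4020 GET http://data.mistat.xiaomi.com/mistats/v2 - HIER_DIRECT/52.74.1.1 application/octet-stream
"""

# Domain suffixes the post identifies as telemetry/ad endpoints
TELEMETRY_SUFFIXES = (".xiaomi.com", ".xiaomi.net")

# Only the fields needed here; the rest of the line is ignored
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\S+)\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def host_of(url):
    """Extract the hostname; CONNECT entries carry 'host:port' with no scheme."""
    hostport = url.split("://", 1)[-1].split("/", 1)[0]
    return hostport.rsplit(":", 1)[0].lower()

def telemetry_summary(log_text):
    """Return {host: (requests, total_bytes)} for matching hosts in the log."""
    summary = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        host = host_of(m.group("url"))
        if host.endswith(TELEMETRY_SUFFIXES):
            summary[host][0] += 1
            summary[host][1] += int(m.group("bytes"))
    return {h: tuple(v) for h, v in summary.items()}

def unbound_overrides(hosts, sink="0.0.0.0"):
    """Emit unbound local-data lines for the DNS Resolver custom options box."""
    return [f'local-data: "{h}. A {sink}"' for h in sorted(set(hosts))]

if __name__ == "__main__":
    seen = telemetry_summary(SAMPLE_LOG)
    for host, (n, b) in sorted(seen.items()):
        print(f"{host:32} {n:3d} requests {b:7d} bytes")
    print("\n".join(unbound_overrides(seen)))
```

A host override only affects clients that actually use the pfSense resolver; a device pointed at another DNS server is not covered by it, which is worth checking in the Squid log after the change.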

Tags: pfsense, xiaomi, firewall, telemetry
