Skip to content

Latest commit

 

History

History
137 lines (72 loc) · 3.13 KB

README.md

File metadata and controls

137 lines (72 loc) · 3.13 KB
Raw

TikTokBlockList

This collection of domain names, IP addresses and ASNs has been gathered from the TikTok mobile application. It is primarily intended for use in pfSense, OPNsense, Pi-hole, etc., to effectively block TikTok application network-wide.

The data was compiled by analyzing the TikTok application's traffic on mobile devices, performing packet inspections, and examining the TikTok API.

Important Note ❗

TikTok uses DNS over HTTPS (DoH) and DNS over TLS (DoT) to resolve its domains if the primary DNS resolver fails. Therefore, simply using a DNS blacklist is insufficient. You must also block all outbound traffic on port 53 TCP/UDP to prevent the application from using alternative DNS servers. Additionally, ensure you block DoH and DoT.

Usage

pfSense

  1. Install the pfBlockerNG package tutorial.

  2. Add DNS Block List

    Navigate to Firewall > pfBlockerNG> DNSBL > DNSBL Groups

    Click Add

    Name and Description: TikTok

    State: ON

    Source: https://raw.githubusercontent.com/M4jx/TikTokBlockList/main/hosts

    Header/Label: TikTok

    Save

  3. Add IPv4 Block List

    Navigate to Firewall > pfBlockerNG> IP > IPv4

    Click Add

    Name and Description: TikTok

    State: ON

    Source: https://raw.githubusercontent.com/M4jx/TikTokBlockList/main/ipv4s

    Header/Label: TikTok

    Action: Deny Both

    Update Frequency: Once a day

    Save

  4. Add IPv6 Block List

    Navigate to Firewall > pfBlockerNG> IP > IPv6

    Click Add

    Name and Description: TikTok

    State: ON

    Source: https://raw.githubusercontent.com/M4jx/TikTokBlockList/main/ipv6s

    Header/Label: TikTok

    Action: Deny Both

    Update Frequency: Once a day

    Save

  5. Add ASN Block List

    Navigate to Firewall > pfBlockerNG> IP > IPv4

    Click Add

    Now, create a new entry for each ASN in the asns file:

    State: ON

    Source: ASN_NUMBER_HERE

    Action: Deny Both

    Update Frequency: Never

    Save

  6. Reload rules

    Navigate to Firewall > pfBlockerNG > Update

    Select 'Force' option: Reload

    Select 'Reload' option: All

  7. Block Outbound DNS

  8. Block DoH/DoT

Block Outbound DNS

You need to run a local DNS resolver/server to perform DNS queries. If you block outbound DNS without a local DNS resolver, you won't be able to resolve any domains. If you're using pfBlockerNG for DNS blocking or piHole, you are likely already using a local DNS server on your box.

pfSense

  1. Navigate to Firewall > Rules > Floating.

  2. Add new rule.

    Action: Block

    Quick: ✅

    Interface: WAN

    Direction: Out

    Address Family: IPv4

    Protocol: TCP/UDP

    Destination Port Range: DNS (53)

    Description: Block Outbound DNS

Block DoH/DoT

pfSense

  1. Navigate to Firewall > pfBlockerNG > DNSBL > DNSBL SafeSearch.
  2. Enable DoH/DoT/DoQ Blocking.
  3. Select all entries in DoH/DoT/DoQ Blocking List
  4. Click Save

Contribution

Feel free to create a pull request to add more data to the list.