In this extended Proxmox lab series video, we take a deep dive into how firewalls enforce URL filtering, and how users often bypass it. Whether you're a student, MSP engineer, or security practitioner, this walkthrough breaks down how modern filtering actually works at the packet and protocol level.

🔍 What you'll learn in this video:
• How DNS works and why it matters for filtering
• Breakdown of TCP and TLS handshakes in simple terms
• How a firewall extracts an FQDN from DNS queries and TLS SNI
• How URL filtering databases like BrightCloud help categorize traffic
• DNS filtering: pros, cons, and real reasons it fails
• SNI filtering: pros, cons, and limitations with TLS 1.3
• The impact of TLS 1.3 and Encrypted ClientHello (ECH) on URL filtering
• pfSense lab exercise: Step-by-step URL filtering setup
• How a user can bypass filtering (e.g., changing DNS servers)
• How to prevent DNS bypassing with firewall rules and security best practices

🧪 Lab Overview
• pfSense configuration
• DNS resolver settings
• Firewall category-based URL filtering
• Traffic testing and validation
• DNS bypass tests & remediation

If you're looking to understand how URL filtering really works, beyond buzzwords and vendor slides, this video breaks it down clearly with hands-on examples.

Chapters:
00:00 Intro
00:42 Understanding DNS
01:40 TCP Breakdown
02:40 TLS/SSL Breakdown
05:30 How Firewalls Extract URL
06:35 Use of 3rd Party Databases
07:07 DNS Based Filtering
09:42 SNI Based Filtering
11:24 TLS 1.3 and ECH
12:44 Lab Exercise
16:35 How To Bypass DNS Based Filtering
17:54 Outro











