How does the Great Firewall block websites?
Because the Great Firewall (GFW) is deployed at various international Internet exits in mainland China, it has many ways to block inbound and outbound traffic. The two most commonly used are DNS pollution and IP blocking.
A DNS server, also called a domain name server, converts the URL we enter in the browser (such as www.google.com) into an IP address that the machine can recognize (such as 103.139.3.240), so that our access request can be delivered correctly to the server of the target website. DNS pollution means that the Great Firewall intercepts our DNS query and, pretending to be a DNS server, returns a wrong IP address. Our data packets are then sent to the wrong server and discarded, so we cannot reach the real server of the target website.
However, it is easy to see that DNS pollution alone is not a very effective block: we can access the target website directly by its correct IP address, bypassing the DNS query step. For the websites it most needs to block (such as Google, Facebook, and Twitter), the Great Firewall therefore relies mainly on IP blocking. Once the Great Firewall detects access to a specific IP address, it immediately discards the data packet, causing the connection to be blocked.
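The forged-reply behaviour described above can be spotted in a packet capture. This added example (not from the original article) parses raw DNS replies and flags any query that received replies with different addresses. It assumes the genuine reply still arrives alongside the forged one, which the article does not state; the function names and the sample packets (203.0.113.7, 198.51.100.5, example.org) are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

def build_response(txid, qname, addr):
    """Build a minimal DNS A-record reply (used only to construct sample data)."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # The answer name is a compression pointer (0xC00C) to the question name.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + IPv4Address(addr).packed
    return header + name + struct.pack("!HH", 1, 1) + answer

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return (transaction id, queried name, list of IPv4 answers) for one reply."""
    txid, _, _, ancount = struct.unpack("!HHHH", msg[:8])
    off, labels = 12, []
    while msg[off]:                      # question name is stored uncompressed
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    off += 5                             # null label, QTYPE, QCLASS (one question assumed)
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:    # A record
            addrs.append(str(IPv4Address(msg[off:off + 4])))
        off += rdlen
    return txid, ".".join(labels), addrs

def find_conflicts(packets):
    """Flag queries that received replies carrying different address sets."""
    seen = defaultdict(set)
    for pkt in packets:
        txid, qname, addrs = parse_a_records(pkt)
        seen[(txid, qname)].add(frozenset(addrs))
    return {k: sorted(sorted(s) for s in v) for k, v in seen.items() if len(v) > 1}
# Constructed sample capture: two replies to one query, plus an unrelated reply.
SAMPLE = [build_response(0x1A2B, "www.google.com", "203.0.113.7"),
          build_response(0x1A2B, "www.google.com", "103.139.3.240"),
          build_response(0x0007, "example.org", "198.51.100.5")]
```

A conflict only shows that two different answers were seen for one query; deciding which one is genuine needs an independent reference.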