Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Whitelist Project

    Off-Topic & Non-Support Discussion
    3
    3
    530
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DanielAyer
      last edited by

      Hello,
      I am currently developing a DNS Whitelist project to integrate with my pfsense router. I have three kids and this is a step in securing our network from their wandering browsers. The core concept is implementable on whatever hardware or software. Right now I am focusing on pfsense.
      If anyone has experience, or wants to gain experience, building this sort of project please let me know.

      Thanks,
      -Daniel Ayer

      NogBadTheBadN GertjanG 2 Replies Last reply Reply Quote 0
      • NogBadTheBadN
        NogBadTheBad @DanielAyer
        last edited by NogBadTheBad

        @danielayer

        I'd use a blacklist with pfBlockerNG with one of the following lists, seems pointless reinventing the wheel:-

        https://github.com/StevenBlack/hosts/blob/master/alternates/fakenews-gambling-porn-social/readme.md

        It works fine for me:-

        Last login: Thu Jan 5 19:31:26 on console
        andy@mac-pro ~ % host pornhub.com
        pornhub.com has address 172.31.255.2
        Host pornhub.com not found: 2(SERVFAIL)
        Host pornhub.com not found: 2(SERVFAIL)
        andy@mac-pro ~ %

        DNSBL.png

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @DanielAyer
          last edited by Gertjan

          @danielayer said in DNS Whitelist Project:

          DNS Whitelist project

          Easy answer : you can't.
          Making a list with allowed DNS hosts is impossible as it will take unimaginable resources to store this file (or even creating it).
          And the moment you have it, it's already outdated, as thousands of new hosts have been created, and some have expired.
          "whitelisting" the Internet is like managing a list with all the phone numbers on planet earth.

          The way doing things is using lists with sites you don't want to access 😊
          ( I know, I knew you meant to do that )

          The good news is : these lists already exist.
          That's one of the reasons why the pfBlockerng-devel pfSense project has been created.

          Btw : small detail :

          3fb52aa8-ffba-4b1c-b3a4-87e5f4a3ec92-image.png

          Go for "Null blocking (logging).
          Like this :

          ca458a55-7caa-40b1-a421-1508be5a35c2-image.png

          The idea of showing a web page that informs the user he wanted to visit a site that is blocked doesn't work for 99,99 % of all cases.
          The 0,001 % are the sites that are still http (not https). The number tells you : they don't exist anymore.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 1
          • First post
            Last post