Custom aliases using domain name
-
Is it possible to create custom aliases using a domain name and not an IP address, or use a blacklist in the aliases with DNS names and not IP addresses?
-
I want to create the aliases using domain names to block access to a particular website, or to use a URL which contains the websites of a particular category, like the Shalla blacklist. I don't want to use the DNS IP; I want to use the DNS name.
-
Yes it is possible. Just create an alias containing the FQDN and use this as a destination object in a firewall rule.
-
pfBlockerNG
Block by the ASN number or I think you can use a TLD.
An example using Facebook.
Use deny outbound or use it to create an alias.
-
@kom Thank you.. But I am not going to block it with the DNS IP address but with the DNS name.
-
@nogbadthebad Thank you for the wonderful representation. I am so happy for your effort. Can I assign host based blocking in the network with this method?
-
@youngsand1 Hi.. Thank you for showing your support. I created an alias with the url. But it is not blocking.
-
@su30mki said in Custom aliases using domain name:
@nogbadthebad Thank you for the wonderful representation. I am so happy for your effort. Can I assign host based blocking in the network with this method?
Never used it but there's a bit at the bottom:-
I still think you'd be better blocking by AS number.
-
@nogbadthebad I understand that part. How do I create an alias for blocking in pfSense with pfBlockerNG? I am very new to pfBlockerNG. I also have a paid blacklist service. Can I load that into pfBlockerNG?
-
1. Install pfBlockerNG-devel.
2. Run the setup wizard, define your inbound and outbound interface.
3. Create a rule Firewall -> pfBlockerNG -> IP -> IPv4 as per my screenshot but set it as deny outbound.
4. Run update via Firewall -> pfBlockerNG -> Update, the firewall rules will automatically be created.

The rules will automatically be created on the inbound and outbound interfaces, give it a go, it's quite easy.
Re the paid block list you can, depending on the format, it basically creates tables that are used in firewall rules, check the tables out via Diagnostics -> Tables
-
-
@nogbadthebad Hello.. Thank you for your support. I am sorry for the delay in the reply. I was doing a whole new setup. I have a multi-WAN failover setup done. So in pfBlockerNG, the inbound interface --> WAN1 & WAN2 and the outbound interface --> LAN. Is it the right method?
-
Yup sounds right.
-
@nogbadthebad I am having multiple vlans created in pfsense. Then I think the outbound interface should be all the vlans.
-
Yes.
-
@nogbadthebad Hi, I tried doing it, But it is not blocking facebook. Please find the screenshots.
-
It's deny outbound.
Get it working with ASN numbers, then play with the social networking source after.
-
I've just tried it and it's an issue with your block list, as it doesn't contain valid IP addresses, just 0.0.0.0 FQDN.

PfB_Test_v4 Table
IP Address
123.41.54.45
130.211.230.53
160.41.54.45
163.41.54.45
194.41.54.45

Rather than using IP try using the DNSBL
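
The diagnosis above (a list made of `0.0.0.0 FQDN` lines loaded as an IP feed) can be checked before a list is loaded. This is an added example, not part of the original posts and not pfBlockerNG's own parsing logic; the sample lines are constructed and the function names are hypothetical.

```python
import ipaddress

# Sink addresses that hosts-format lists put in front of each domain.
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def classify_line(line):
    """Return ("ip", network), ("domain", name) or None for one feed line."""
    text = line.split("#", 1)[0].strip()      # drop comments and whitespace
    if not text:
        return None
    fields = text.split()
    if fields[0] in SINKS:
        # hosts format "<sink> <fqdn>": the address is a placeholder, not a target
        if len(fields) < 2 or fields[1] in SINKS:
            return None
        return ("domain", fields[1].lower().rstrip("."))
    try:
        return ("ip", str(ipaddress.ip_network(fields[0], strict=False)))
    except ValueError:
        pass
    # bare domain entry: has a dot, no CIDR slash or IPv6 colon
    if "." in fields[0] and not set(fields[0]) & set("/:"):
        return ("domain", fields[0].lower().rstrip("."))
    return None

def classify_feed(lines):
    """Split a feed into real IP/CIDR entries and domain entries."""
    result = {"ip": [], "domain": []}
    for line in lines:
        item = classify_line(line)
        if item:
            result[item[0]].append(item[1])
    return result

def suggest_section(lines):
    """Domain-only feeds suit DNSBL; IP/CIDR-only feeds suit the IP section."""
    feed = classify_feed(lines)
    if feed["domain"] and not feed["ip"]:
        return "DNSBL"
    if feed["ip"] and not feed["domain"]:
        return "IP"
    return "mixed" if (feed["ip"] or feed["domain"]) else "empty"

# Constructed sample feeds (documentation address ranges and example domains).
HOSTS_SAMPLE = ["# hosts-format list", "0.0.0.0 ads.example.com",
                "0.0.0.0 tracker.example.net  # inline", "127.0.0.1 Social.Example.org."]
IP_SAMPLE = ["# IP feed", "192.0.2.0/24", "198.51.100.7", "2001:db8::/32"]

if __name__ == "__main__":
    print(suggest_section(HOSTS_SAMPLE), suggest_section(IP_SAMPLE))
```

A feed reported as `DNSBL` has no usable addresses for an IP table, which matches the symptom in this thread.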
-
Can you please suggest any list?
-
Have you tried blocking Facebook by ASN numbers or, like I suggested, try using the list you're using in the DNSBL section as per my screenshot.
-
@nogbadthebad Thank you very much.. It is working. Saved my reputation.
-
@su30mki said in Custom aliases using domain name:
@nogbadthebad Thank you very much.. It is working. Saved my reputation.
via IP and ASN number or DNSBL ?
-
@nogbadthebad Now how do I segregate different rules for different vlans?
-
Use alias permit, alias deny, alias match & alias native.
That will just create an alias you can use in firewall rules.
-
@nogbadthebad Can you please help me with a screenshot?
-
Only allow GB access to my SFTP server:-
-
@nogbadthebad Thank you for your effort. But that is Geoip. Imagine I want to block facebook to one vlan and another vlan requires facebook access.. How do I do it? How can I do different rules for different vlan via DNSBL?
-
Use ASN if you want to block a specific company.
DNSBL alters DNS so x.y.z.abc.com resolves to an internal IP address on your router.
IP creates tables that can be used in firewall rules.
The example I gave you was a GeoIP one I use but ASN based ones are no different, rather than containing a country's IP range it contains a company's IP range.
-
@su30mki said in Custom aliases using domain name:
I want to block facebook to one vlan and another vlan requires facebook access.. How do I do it?
First of all, you have to configure your VLAN.
After that, you have to create an ACL in order to provide internet access to one VLAN and block it in the other VLANs.
Remember to set your device as a “Layer 3” device.