Custom aliases using domain name
-
- Install pfBlockerNG-devel
- Run the setup wizard, define your inbound and outbound interface.
- Create a rule Firewall -> pfBlockerNG -> IP -> IPv4 as per my screenshot but set it as deny outbound
- Run update via Firewall -> pfBlockerNG -> Update, the firewall rules will automatically be created
The rules will automatically be created on the inbound and outbound interfaces. Give it a go, it's quite easy.
Re the paid block list: you can, depending on the format. It basically creates tables that are used in firewall rules; check the tables out via Diagnostics -> Tables.
-
-
@nogbadthebad Hello.. Thank you for your support. I am sorry for the delay in the reply. I was doing a whole new setup. I have a multi-WAN failover setup done. So in pfBlockerNG, the inbound interface --> WAN1 & WAN2 and the outbound interface --> LAN. Is it the right method?
-
Yup, sounds right.
-
@nogbadthebad I have multiple VLANs created in pfSense. Then I think the outbound interface should be all the VLANs.
-
Yes.
-
@nogbadthebad Hi, I tried doing it, but it is not blocking Facebook. Please find the screenshots.
-
It's deny outbound.
Get it working with ASN numbers, then play with the social networking source after.
-
I've just tried it and it's an issue with your block list, as it doesn't contain valid IP addresses, just 0.0.0.0 FQDN.
PfB_Test_v4 Table
IP Address
123.41.54.45
130.211.230.53
160.41.54.45
163.41.54.45
194.41.54.45
Rather than using IP try using the DNSBL
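An added example, not part of the thread and not pfBlockerNG's own code: a quick check of whether a feed is hosts-format ("0.0.0.0 FQDN"), which belongs under DNSBL, or a plain IP/CIDR list suited to an IP table. The sample feeds, function names and the sinkhole-address set are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample feeds (documentation addresses, not from the thread).
HOSTS_FEED = """# constructed hosts-style list
0.0.0.0 www.example.com
0.0.0.0 cdn.example.net
127.0.0.1 tracker.example.org
"""
IP_FEED = """# constructed IP list
192.0.2.10
198.51.100.0/24   ; trailing comment
203.0.113.7
"""

_DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]{1,62}$",
    re.I)
_SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # assumed sinkhole prefixes

def _is_net(token):
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def classify_line(line):
    """Return 'ip', 'domain', 'skip' or 'unknown' for one feed line."""
    body = re.split(r"[#;]", line, maxsplit=1)[0].split()
    if not body:
        return "skip"                      # blank line or comment
    if len(body) >= 2 and body[0] in _SINKS and _DOMAIN.match(body[1]):
        return "domain"                    # hosts format: sinkhole + FQDN
    if len(body) == 1 and _is_net(body[0]):
        return "ip"                        # single address or CIDR
    if len(body) == 1 and _DOMAIN.match(body[0]):
        return "domain"                    # bare domain list
    return "unknown"

def suggest_section(text):
    """Count entry kinds and say which feed section the list fits."""
    counts = {"ip": 0, "domain": 0, "unknown": 0}
    for line in text.splitlines():
        kind = classify_line(line)
        if kind != "skip":
            counts[kind] += 1
    if counts["ip"] + counts["domain"] == 0:
        return "unusable", counts
    return ("DNSBL" if counts["domain"] > counts["ip"] else "IP"), counts
```
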
-
Can you please suggest any list?
-
Have you tried blocking Facebook by ASN numbers or, like I suggested, try using the list you're using in the DNSBL section as per my screenshot.
-
@nogbadthebad Thank you very much.. It is working. Saved my reputation.
-
@su30mki said in Custom aliases using domain name:
@nogbadthebad Thank you very much.. It is working. Saved my reputation.
Via IP and ASN number or DNSBL?
-
@nogbadthebad Now how do I segregate different rules for different VLANs?
-
Use alias permit, alias deny, alias match & alias native.
That will just create an alias you can use in firewall rules.
-
@nogbadthebad Can you please help me with a screenshot?
-
Only allow GB access to my SFTP server:-
-
@nogbadthebad Thank you for your effort. But that is GeoIP. Imagine I want to block Facebook to one VLAN and another VLAN requires Facebook access.. How do I do it? How can I do different rules for different VLANs via DNSBL?
-
Use ASN if you want to block a specific company.
DNSBL alters DNS so x.y.z.abc.com resolves to an internal IP address on your router.
IP creates tables that can be used in firewall rules.
The example I gave you was a GeoIP one I use, but ASN based ones are no different: rather than containing a country's IP range it contains a company's IP range.
-
@su30mki said in Custom aliases using domain name:
I want to block facebook to one vlan and another vlan requires facebook access.. How do I do it?
First of all, you have to configure your VLAN.
After that, you have to create an ACL in order to provide internet access to one VLAN and block it in the other VLANs.
Remember to set your device as a "Layer 3" device.