Custom aliases using domain name
-
@nogbadthebad Hi, I tried doing it, But it is not blocking facebook. Please find the screenshots.
-
It's deny outbound.
Get it working with ASN numbers they play with the social networking source after.
-
I've just tried it and its an issue with your block list as it doesn't contain valid IP addresses just 0.0.0.0 FQDN.
PfB_Test_v4 Table
IP Address
123.41.54.45
130.211.230.53
160.41.54.45
163.41.54.45
194.41.54.45Rather than using IP try using the DBNS
-
Can you please suggest any list?
-
Have you tried blocking facebook by ASN numbers or like I suggested try the using the list your using in the DBNSL section as per my screenshot.
-
@nogbadthebad Thank you very much.. It is working. Saved my reputation.
-
@su30mki said in Custom aliases using domain name:
@nogbadthebad Thank you very much.. It is working. Saved my reputation.
via IP and ASN number or DNSBL ?
-
@nogbadthebad Now how do I segregate different rules for different vlans?
-
Use alias permit, alias deny, alias match & alias native.
That will just create an alias you can use in firewall rules.
-
@nogbadthebad Can you please help me with a screenshot?
-
Only allow GB access to my SFTP server:-
-
@nogbadthebad Thank you for your effort. But that is Geoip. Imagine I want to block facebook to one vlan and another vlan requires facebook access.. How do I do it? How can I do different rules for different vlan via DNSBL?
-
Use ASN if you want to block a specific company.
DBNSL alters DNS so x.y.z.abc.com resolves to an internal ip address on your router.
IP creates tables that can be used in firewall rules.
The example I gave you was a GeoIP one I use but ASN based ones are no different, rather than containing a countries IP range it contains a companies IP range.
-
@su30mki said in Custom aliases using domain name:
I want to block facebook to one vlan and another vlan requires facebook access.. How do I do it?
First at all, you have to configure your vlan.
After that, you have to create an ACL in order to provide internet access to one vlan and block it in the other vlans.
Remember set your device as a “Layer 3” device.
