Confusion on allowing specific client IPs on my LAN to bypass pfBlockerNG-devel
-
I know this has been brought up multiple times, sorry for being dense; I just have some confusion on the syntax for this under Services > DNS Resolver > Custom Options.
Current syntax under Services > DNS Resolver > Custom Options with pfBlockerNG enabled is:
private-domain: "plex.direct"
server:include: /var/unbound/pfb_dnsbl.*conf
I have multiple devices I want to bypass dnsbl (192.168.1.50, 192.168.1.51, 192.168.1.52) but everything else on 192.168.1.0/24 I want running through dnsbl, so as I understand it I should just copy and paste the following into the custom options field of the DNS resolver for this:
server:
private-domain: "plex.direct"
access-control-view: 192.168.1.50/32 bypass
access-control-view: 192.168.1.51/32 bypass
access-control-view: 192.168.1.52/32 bypass
access-control-view: 192.168.1.0/24 dnsbl
view:
name: "bypass"
view-first: yes
view:
name: "dnsbl"
view-first: yes
include: /var/unbound/pfb_dnsbl.*conf
-
server:
private-domain: "plex.direct"
access-control-view: 192.168.1.50/32 bypass
access-control-view: 192.168.1.51/32 bypass
access-control-view: 192.168.1.52/32 bypass
access-control-view: 192.168.1.0/24 dnsbl
view:
name: "bypass"
view-first: yes
view:
name: "dnsbl"
view-first: yes
include: /var/unbound/pfb_dnsbl.*conf
-
The ones you want to bypass DNSBL, you'll need to create a DNSBL feed and place the sites in the DNSBL custom_list...be sure to set group order to PRIMARY and logging to DISABLE, then force reload.
-
Does this help:
https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips
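Added example, not part of the thread or of pfBlockerNG: a small Python model of which view each client lands in under the custom options proposed in the question, and whether that view pulls in the DNSBL include. It assumes Unbound picks the most specific matching netblock for access-control-view, as it does for access-control; the function names and the test client addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: the custom options proposed in the question.
CONFIG = """\
server:
private-domain: "plex.direct"
access-control-view: 192.168.1.50/32 bypass
access-control-view: 192.168.1.51/32 bypass
access-control-view: 192.168.1.52/32 bypass
access-control-view: 192.168.1.0/24 dnsbl
view:
name: "bypass"
view-first: yes
view:
name: "dnsbl"
view-first: yes
include: /var/unbound/pfb_dnsbl.*conf
"""

def parse(text):
    """Return (acl, views): netblock-to-view pairs and per-view include paths."""
    acl, views, clause, current = [], {}, None, None
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        value = value.strip().strip('"')
        if not key:
            continue
        if not value:                       # clause header: "server:" or "view:"
            clause, current = key, None
        elif key == "access-control-view":
            net, name = value.split()
            acl.append((ipaddress.ip_network(net), name))
        elif clause == "view" and key == "name":
            current = views.setdefault(value, [])
        elif clause == "view" and key == "include" and current is not None:
            current.append(value)
    return acl, views

def view_for(client, acl):
    """Assumed Unbound behaviour: most specific netblock wins, order is irrelevant."""
    addr = ipaddress.ip_address(client)
    hits = [(net.prefixlen, name) for net, name in acl if addr in net]
    return max(hits)[1] if hits else None   # None: global server: settings apply

def dnsbl_applies(client, text=CONFIG):
    """True when the client's view contains the pfBlockerNG DNSBL include."""
    acl, views = parse(text)
    name = view_for(client, acl)
    return any("pfb_dnsbl" in path for path in views.get(name, []))
```

In this model a client that matches no access-control-view line (anything outside 192.168.1.0/24) falls back to the global server: settings, which in this layout no longer carry the DNSBL include.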