PFBlockerNG-Devel Different DNSBL lists on different LANs
-
I am trying to set up DNSBL lists for a school and they want different content filtered for the student and teacher VLANs. I am not finding any good way to filter this by LAN.
I can completely skip DNSBL for IP ranges in the DNS resolver but this just leaves the teacher LAN wide open.
I thought maybe I could just manually create firewall rules for the Teacher LAN, but when I tried importing the same lists into the IPv4 area I want to use, it doesn't resolve DNS, so the lists I have are useless. The same thing seems to be true with the built-in Alias URL tables. And the DNSBL section just creates one massive rule for everything you are filtering.
Does anyone have any ideas for this?
-
I have not used the DNSBL feature at all, but it strikes me that it would have only the one DNS server (on pfSense) to work with. Have you considered a second router for the teachers, either in parallel to the Internet or with the teacher router connected into the main router?
-
I have considered it; I was simply trying to avoid it. I was trying to keep it down to one piece of equipment if possible.
Worst case, I'm actually considering using a secondary Pi-hole DNS server. I am just hoping it is possible on one device. It would also be great to find a solution to keep cost down when pricing out solutions for other clients.
-
pfBlockerNG is not the tool to use for content filtering. pfBlockerNG is used to sinkhole content like adverts or malicious IPs/domains.
You want to use Squid or SquidGuard and set up categories to block for specific groups of users, subnets or VLANs.
There are already guides out there on how to do this.