Netgate Discussion Forum

    Is there anyway to whitelist?

    • Smoothrunnings

      Is there any way to whitelist domains that are being blocked by pfBlockerNG?

      So I have all of China blocked, but I have realized that my new Terramaster is made by a Chinese company. I don't really want to have to OPEN up China to my back door, so that's why I am asking to make sure: if I can't avoid it, great; if not, well, I guess I am SOL.

      Thanks,

      • NogBadTheBad @Smoothrunnings

        @smoothrunnings Are you blocking China outbound on your LAN interfaces? I'm guessing you are.

        Screenshot 2021-05-10 at 20.37.57.png

        You could create an alias using pfBlockerNG and the China alias and apply it to the WAN interface:

        Screenshot 2021-05-10 at 20.28.57.png

        Screenshot 2021-05-10 at 20.29.42.png

        Screenshot 2021-05-10 at 20.29.56.png

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • Smoothrunnings @NogBadTheBad

          @nogbadthebad No.

          Firewall/pfBlockerNG/IP/IPv4 - have IPv4 setup to deny Inbound.
          GeoIP Asia - deny inbound

          I want to block everything except for terra-mast.com which is a Chinese company that makes NAS units (similar to QNAP/Synology).

          Thanks,

          • SteveITS @Smoothrunnings

            @smoothrunnings If you change the Deny Inbound to Alias Native (and run an Update), it will create an alias that you can use in your own rules. Then do something like:

            allow from Terra Mast IPs
            block from Asia using the alias
            allow from other good IPs

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            • NogBadTheBad @Smoothrunnings

              @smoothrunnings said in Is there anyway to whitelist?:

              @nogbadthebad No.

              Firewall/pfBlockerNG/IP/IPv4 - have IPv4 setup to deny Inbound.
              GeoIP Asia - deny inbound

              I want to block everything except for terra-mast.com which is a Chinese company that makes NAS units (similar to QNAP/Synology).

              Thanks,

              Why the heck would you want them to have unsolicited inbound access to your NAS? You should just need NAS -> terra-mast.com

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

              • Gertjan @NogBadTheBad

                And for my own curiosity: why block inbound traffic?
                Outbound maybe ....
                I try to sell you the 'don't contact the Chinese, so they won't contact you' but 'incoming' is already hitting the wall anyway.
                Exception may be that 'VPN in' 1194 UDP port. Well, let them tickle that VPN port. It's designed to do so.

                SFTP/SSH on WAN is something of the past.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                • Smoothrunnings @NogBadTheBad

                  @nogbadthebad I think maybe you are missing the point there. Terra-master.com which is a Chinese company who makes the TerraMaster NAS box mail servers are all behind the great firewall of China. For me to get onto their forum requires me to open a connection to China with them.

                  The NAS box, just like my Seagate 4bay NAS boxes, lets folks know when there is a FW update; it does this by talking to home base every once in a while. It's also what pfSense does, to let you know when there is an update to your firewall OS.

                  • Smoothrunnings @Gertjan

                    @gertjan For starters this is my homelab, I don't want to block everything as my wife uses the internet to access her work stuff, and you know that saying... Happy wife, happy life .. right? :)

                    • NogBadTheBad @Smoothrunnings

                      @smoothrunnings said in Is there anyway to whitelist?:

                      @nogbadthebad I think maybe you are missing the point there. Terra-master.com which is a Chinese company who makes the TerraMaster NAS box mail servers are all behind the great firewall of China. For me to get onto their forum requires me to open a connection to China with them.

                      The NAS box, just like my Seagate 4bay NAS boxes, lets folks know when there is a FW update; it does this by talking to home base every once in a while. It's also what pfSense does, to let you know when there is an update to your firewall OS.

                      I'd be very wary of opening an inbound connection that would possibly allow them access to the NAS that then has full access to the LAN.

                      FYI I get informed of updates from Synology without having to open an inbound connection, the device polls their server.

                      Andy

                      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
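
The rule order SteveITS describes and the point NogBadTheBad makes about device-initiated polling, as an added example that is not code from the thread, pfSense or pfBlockerNG: a toy first-match rule evaluator with a state table. All addresses are constructed documentation-range values, and every name in the code is hypothetical.

```python
import ipaddress

# Constructed sample data: documentation-range prefixes, not real vendor or GeoIP lists.
VENDOR = [ipaddress.ip_network("203.0.113.10/32")]   # hypothetical "Terra Mast IPs"
ASIA = [ipaddress.ip_network("203.0.113.0/24")]      # stands in for the Alias Native table
GOOD = [ipaddress.ip_network("198.51.100.0/24")]     # hypothetical "other good IPs"
NAS = "192.168.1.20"                                 # hypothetical LAN address of the NAS

# WAN rules in the order given in the thread; the first matching rule decides.
WAN_RULES = [
    ("pass", VENDOR, "allow from Terra Mast IPs"),
    ("block", ASIA, "block from Asia using the alias"),
    ("pass", GOOD, "allow from other good IPs"),
]

def wan_inbound(src, rules, states=frozenset()):
    """Decide a packet arriving on WAN from src and addressed to the NAS."""
    # Stateful filtering: replies to a connection the NAS opened match the
    # state entry and never reach the WAN rule list.
    if (NAS, src) in states:
        return ("pass", "reply to NAS-initiated connection")
    ip = ipaddress.ip_address(src)
    for action, nets, label in rules:
        if any(ip in net for net in nets):
            return (action, label)
    return ("block", "default deny")

def demo():
    swapped = [WAN_RULES[1], WAN_RULES[0], WAN_RULES[2]]  # geo block placed first
    deny_only = [WAN_RULES[1]]                            # plain "deny inbound" setup
    polled = {(NAS, "203.0.113.10")}                      # NAS checked for an update
    return {
        "vendor, thread order": wan_inbound("203.0.113.10", WAN_RULES),
        "other Asia host": wan_inbound("203.0.113.77", WAN_RULES),
        "vendor, block first": wan_inbound("203.0.113.10", swapped),
        "update reply, deny only": wan_inbound("203.0.113.10", deny_only, polled),
        "unsolicited, deny only": wan_inbound("203.0.113.10", deny_only),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26} -> {verdict}")
```

The last two cases show that an inbound deny alone still lets the reply to a NAS-initiated update check through, while unsolicited traffic from the same address is dropped.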
