White list a LAN IP address



  • After following this guide:
    https://www.reddit.com/r/PFSENSE/comments/48iiq4/pfblockerng_exceptionswhitelist/d0kt7ju

    I've determined that it's not working apparently.

    What I'm trying to accomplish:
    I need a LAN IP host to not use the DNSBL adblocking while the rest of the LAN network continues to enjoy blocked ads.

    Running:
    pfSense 2.3.2-RELEASE (amd64)
    pfBlockerNG 2.1.1_4

    Any help would be appreciated. Just need to continue enjoying pfBlockerNG on my LAN, which excluding one of my LAN PCs so it can view ads.

    Thanks! :)



  • The guide is to whitelist IPs.

    DNSBL works in the Domain name space, not in the IP Space.

    Your LAN device ask a Name server : What is doodle.com IP?
    the Name server would normaly return : doodle.com IP is 12.234.56.9

    pfBlockerNG/DNSBL in pfSense manage a list of domain names to block and it configures the pfSense Name Server to return the VIP for those hosts instead of providing the actual domain name IP.
    pfSense Name Server return : doodle.com IP is 10.10.10.1  8)

    The LAN device use the IP returned and start the connection. The FW is configured to redirect 10.10.10.1 to itself.

    If this is an HTTP/S request, the NAT rule redirect it to the DNSBL web server that answers the request, return a 1x1Gif, and also log the request.

    For other type of connection (Telnet, NTP, ICM, etc), pfsense handle the request that will probably be blocked by the default block rule. No logging is configured for non HTTP/S connections.

    pfBlockerNG/DNSBL does NOT block doodle.com actual IP (12.234.56.9), it return the VIP (10.10.10.1) to the LAN device.

    If you want a LAN device to bypass DNSBL, configure it to query a DNS Server without DNSBL. ;)

    Ex: another DNS server in your network, Google DNS servers ( 8.8.8.8 ), OpenDNS server ( 208.67.222.222, 208.67.220.220 ).



  • Ah! So basically configure this at the device level. Android for example: https://support.opendns.com/hc/en-us/articles/228009007-Android-Configuration-instructions-for-OpenDNS

    Thats a duplicable solution indeed. Thanks!


Log in to reply