Allow Top Level Domain from Country Deny
-
Well the subject title may not be very clear, but I have implemented the Top20 country spammers list for my firewall with the deny outboud action. However, from my logs it looks as though my antivirus program (Avast) is being blocked from obtaining updates. It appears as though it communicates to numerous servers around the globe with different IPs. I would like to add a simple rule that allowed the top level domain avast.com so that it may communicate to its servers and obtain updates. I have searched through the forums and with google and not found an answer, forgive me if my search ability is poor and this type of question has been answered already. If so please direct me to an appropriate link. Thanks.
Jeff
-
Hi Jeff,
I believe that Avast is in Germany which is listed in the TOP20 Spammers list…
You can either unblock Germany, or find which IPs for Avast are getting blocked (Refer to the Alerts Tab).
Then create a pfBlockerNG alias ie: "Permit Outbound" in the IPv4 Tab and add the IPs that you want to bypass the Blocking rules to the "Custom list" at the bottom...
Then set the Rules order (General Tab setting) to have this permit Rule above the Block/Reject rules...
-
I was hoping there was a way to do it with the top level doamain, but I see how your example would work now. I will have to watch the Alerts to see which IPs to add to the Alias. When I was looking before, I recall seeing two, one from a European country and another from a South American country. So it is going to be a matter of watching the Alerts to get them. Thanks.
Jeff
-
If Avast uses a CDN, it might be hit or miss with a TLD domain in the whitelist… Try your google FU and see if you can find the whole list of IPs that are used for the update process, or send Avast Support a request for those IP ranges.... Then add those IPs to the Whitelist....
