Exception for DNSBL Rule



  • Hi,

    I'm using PfSense  2.3.3-RELEASE-p1 with pfBlockerNG 2.1.1_7.

    I'm trying to configure an exception for a DNSBL rule and I got some problems…

    I configured a DNSBL feed with a hosts list (http://www.malwaredomainlist.com/hostslist/hosts.txt) with the rule: Deny outbound.
    Clients couldn't reach the host names: everything works fine.

    But I tried to configure an exception: one host in the LAN should reach these domains.
    I configured an alias in "Advanced Outbound Firewall Rule Settings - Custom source" with the parameters "Enable - Invert", but the host names couldn't be reached.

    I configured a GeoIP rule in the same manner, and it functions as expected: only the "custom source" can reach the country.

    Could someone tell me if I missed something?
    Thanks



  • go to pfBlockerNG > DNSBL > DNSBL Whitelist
    add the domain you want to access or whitelist, click save.
    then goto update tab, and run - force reload

    the newly added domain should be accessible



    Thanks for your answer.
    That's not what I want to do.
    I want to build a domain blacklist for all computers in my LAN, except one host.
    The blacklist functions, but not the exception for one host.

    I did that successfully for GeoIP with the function "Advanced Outbound Firewall Rule Settings - Custom source".
    In DNSBL, this same function doesn't seem to have any effect (in my configuration).


    This just doesn't make any sense whatsoever. Using the list in DNSBL will make it resolve to the virtual IP configured in pfBNG. Has nothing to do with firewall rules, and cannot be bypassed by any firewall rules.



  • @Nic12:

    I want to build a domain blacklist for all computers in my LAN, except one host.

    Configure that host to use a different DNS server than the one from pfsense+DNSBL
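The two replies above make the same point from different sides: a DNSBL feed is not a firewall rule set, it is turned into resolver data, so every client that asks the pfSense resolver gets the DNSBL virtual IP back for a listed name, and the only way to exempt one host is to have it ask a different resolver. The following Python is an added illustration written for this page, not code from pfBlockerNG or from any poster: it parses a hosts-format feed like the one linked in the question (the sample lines are constructed, not the real list), renders the equivalent unbound `local-zone`/`local-data` entries, and models what each client sees. The VIP `10.10.10.1` and the upstream answers are assumptions for the example.

```python
import ipaddress

# Constructed sample in the "hosts" format used by the feed in the question.
# These are not lines from the real malwaredomainlist feed.
SAMPLE_FEED = """\
# hosts-format feed (constructed sample)
127.0.0.1  localhost
127.0.0.1  bad.example.com
127.0.0.1  tracker.example.net   # trailing comment on the entry
0.0.0.0    evil.example.org
not-an-ip  garbage.example.com
"""

# Assumed DNSBL virtual IP for this example (pfBlockerNG's default VIP);
# the thread itself never states the configured address.
DNSBL_VIP = "10.10.10.1"

# Names that hosts files carry for the local machine; never block these.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost"}

# Assumed upstream answers a non-DNSBL resolver would return.
UPSTREAM = {
    "bad.example.com": "198.51.100.10",
    "good.example.com": "203.0.113.5",
}


def parse_hosts_feed(text):
    """Return the listed domains, in order, from a hosts-format feed.

    Each useful line is '<ip> <name> [<name> ...]' with optional '#' comments.
    Lines whose first field is not an IP address are skipped rather than
    trusted, and loopback aliases such as 'localhost' are dropped.
    """
    domains, seen = [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed entry; a feed parser must not crash on it
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES or name in seen:
                continue
            seen.add(name)
            domains.append(name)
    return domains


def unbound_local_data(domains, vip=DNSBL_VIP):
    """Render the domains as unbound sinkhole entries pointing at the VIP.

    'redirect' makes the zone answer for the name and everything under it,
    which is why the block cannot be undone by a firewall rule: the client
    never learns the real address in the first place.
    """
    out = []
    for d in domains:
        out.append(f'local-zone: "{d}" redirect')
        out.append(f'local-data: "{d} A {vip}"')
    return "\n".join(out) + "\n"


def lookup(qname, blocked, upstream, vip=DNSBL_VIP):
    """Model of the DNSBL resolver: a name at or under a listed domain
    resolves to the VIP; anything else gets the upstream answer."""
    name = qname.lower().rstrip(".")
    labels = name.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocked:
            return vip
    return upstream.get(name)


def client_view(qname, uses_dnsbl_resolver, blocked, upstream=UPSTREAM):
    """What a LAN client sees: the exempt host is the one whose DNS server
    is not the DNSBL resolver, regardless of any firewall rule."""
    if uses_dnsbl_resolver:
        return lookup(qname, blocked, upstream)
    return upstream.get(qname.lower().rstrip("."))


if __name__ == "__main__":
    blocked = set(parse_hosts_feed(SAMPLE_FEED))
    print(unbound_local_data(sorted(blocked)))
    print("normal client :", client_view("www.bad.example.com", True, blocked))
    print("exempt client :", client_view("bad.example.com", False, blocked))
```

Running it shows the normal client receiving `10.10.10.1` for a listed name (and for its subdomains), while the host pointed at another resolver receives the upstream address; swapping "Custom source" aliases in the firewall changes neither answer, because no packet to the real address is ever generated by the blocked client.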



    Ok, it seems that I misunderstood some basic principles of pfBlockerNG.
    "Advanced Outbound Firewall Rule Settings" and "Floating rules" misled me.
    Sorry for the newbie questions…

    Each client on my LAN is configured to talk to the pfSense DNS Resolver.
    Is there a way for one client to use the default DNS Resolver and not the DNSBL Virtual IP?
    As soon as DNSBL is configured, is the "old" DNS Resolver totally overridden?

    Otherwise, I have to use a different DNS server...


  • @Nic12:

    Ok, it seems that I misunderstood some basic principles of pfBlockerNG.
    "Advanced Outbound Firewall Rule Settings" and "Floating rules" misled me.
    Sorry for the newbie questions…

    Please, read the description there:

    Configure settings for Firewall Rules when any DNSBL Feed contain IP Addresses

