DNSBL Config Question



  • In "DNSBL Configuration" –> "DNSBL Listening Interface" - I have LAN1, LAN2, W_LAN, ExpressVPN_NY and ExpressVPN_NJ. Does it matter which one I choose?

    Same for "DNSBL Configuration" –> "DNSBL Firewall Rule" - I have the same options plus OpenVPN. Currently I have LAN1, LAN2 and W_LAN selected. The VPN runs on LAN2 and W_LAN. Should they all be selected?

    For "DNSBL IP Firewall Rule Settings" –> "List Action" - Some tutorials I read say to set it to "Deny Both" and other tutorials say to set it to "Deny Outbound". Which setting is typically best?



  • @tagit446:

    In "DNSBL Configuration" –> "DNSBL Listening Interface" - I have LAN1, LAN2, W_LAN, ExpressVPN_NY and ExpressVPN_NJ. Does it matter which one I choose?

    You select the interfaces where devices use pfSense/DNSBL for DNS services resolution. This will create NAT rules to forward web requests to the VIP.

    @tagit446:

    Same for "DNSBL Configuration" –> "DNSBL Firewall Rule" - I have the same options plus OpenVPN. Currently I have LAN1, LAN2 and W_LAN selected. The VPN runs on LAN2 and W_LAN. Should they all be selected?

    Select the interfaces that have devices using pfSense as the router for IP blocking.

    @tagit446:

    For "DNSBL IP Firewall Rule Settings" –> "List Action" - Some tutorials I read say to set it to "Deny Both" and other tutorials say to set it to "Deny Outbound". Which setting is typically best?

    Deny outbound should be enough if you have no open port on the WAN side, as the default block rule already blocks traffic.

    Deny both is when you have an open port on the WAN side.



  • @RonpfS:

    @tagit446:

    In "DNSBL Configuration" –> "DNSBL Listening Interface" - I have LAN1, LAN2, W_LAN, ExpressVPN_NY and ExpressVPN_NJ. Does it matter which one I choose?

    You select the interfaces where devices use pfSense/DNSBL for DNS services resolution. This will create NAT rules to forward web requests to the VIP.

    Please elaborate as I use it on all interfaces (I thought?) but this option only allows you to choose one from the drop down.

    @RonpfS:

    @tagit446:

    Same for "DNSBL Configuration" –> "DNSBL Firewall Rule" - I have the same options plus OpenVPN. Currently I have LAN1, LAN2 and W_LAN selected. The VPN runs on LAN2 and W_LAN. Should they all be selected?

    Select the interfaces that have devices using pfSense as the router for IP blocking.

    Have to admit this one confuses me due to the VPN.

    @RonpfS:

    @tagit446:

    For "DNSBL IP Firewall Rule Settings" –> "List Action" - Some tutorials I read say to set it to "Deny Both" and other tutorials say to set it to "Deny Outbound". Which setting is typically best?

    Deny outbound should be enough if you have no open port on the WAN side, as the default block rule already blocks traffic.

    Deny both is when you have an open port on the WAN side.

    This is good to know since I do have several ports open for my COD game.



  • @tagit446:

    @RonpfS:

    You select the interfaces where devices use pfSense/DNSBL for DNS services resolution. This will create NAT rules to forward web requests to the VIP.

    Please elaborate as I use it on all interfaces (I thought?) but this option only allows you to choose one from the drop down.

    Yeah, I wasn't on the DNSBL tab at the time. So you select one of the LAN interfaces then ;)

    @tagit446:

    Have to admit this one confuses me due to the VPN.

    I don't have VPNs here.

