4. DNS Capture with an Exception

DNS Capture with an Exception

  • J

    Greetings,
    I am fairly new to PF Sense and I am running it in a school environment.  I am using DNS resolver and a port forward intercept to force all users regardless of setting to use my DNS and we are filtering at the DNS level.  I have the following rule:

    Interface: LAN
    Protocol: TCP/UDP
    Destination: Network 192.168.1.1/24 INVERTED MATCH
    Destination Port: DNS
    Redirect Target 127.0.0.1
    Redirect Port: DNS
    Nat Reflection: Disabled

    So this works without an issue.  No matter what the user sets their DNS to I intercept it and pass it through the filter.  I have a few static addressed clients that I do not want filtered.  I want to be able to bypass the above rule and send them on to the google dns at 8.8.8.8.  No matter what I try I can get this action to work properly.  If someone could please give me a little guidance on letting statically mapped and defined local machines ie 192.168.1.250 to bypass the above rule and proceed without DNS being intercepted.  Thanks.

    0
  • N

    Create an Alias containing the IPs/Networks you want excluded.

    Goto the Click "Advanced" next to source. For Source Check Invert match, select Single host or Alias, type/set the Alias name.

    Save the rule.

    0
  • J

    Thanks, I am so use to writing an all inclusive rule and then writing exception rules above that rule to exclude things… I never though of the easy solution like that.

    0
  • J

    I made the changes you mentioned but I still can not get it to work.  Right now it is bypassing all clients instead of just the alias.  I can basically get it to filter all or bypass all.  Perhaps I miss-understood something.  Here is my rule as it sits now:
    Interface: LAN
    Protocol: TCP/UDP
    Source: INVERT MATCH - Alias - bypassfilter
    Source Port: DNS

    Destination: INVERT MATCH - Network - 192.168.1.1/24
    Destination Port: DNS
    Redirect Target: 127.0.0.1
    Redirect Port: DNS
    Nat Reflection: Use System Default

    0
  • V

    The source port has to be "any", only dest port is "DNS".

    0
  • N

    @viragomann:

    The source port has to be "any", only dest port is "DNS".

    This. Applications source ports are usually random ports. And are in the case of DNS.

    Sorry I didn't mention that.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy