Pfblocker: Making One IP on LAN skip everything pfblocker does

  • Is there a way to make one IP (on my local LAN) skip/miss pfblocker 100%?
    So pfblocker does not do anything at all to that computer.


  • Just had a quick look around the GUI; I think it's possible, but not in a one-click manner.

    So pfblockerng filters via DNSBL and IP based BL.

    The latter is done solely via the firewall, so modifying the firewall for that LAN IP to bypass should be possible, although you may need to adjust an option in pfblockerng related to rule ordering so custom rules are processed before pfblockerng rules.

    The former is done via DNS manipulation, and that will direct blacklisted domain names to a local webserver on the firewall, so to bypass that you need to basically send back different DNS query results to the LAN IP. This is possible via an exotic unbound configuration (similar to view statements in BIND).
