Netgate Discussion Forum

    Enforce pfblockerng for specific hosts/networks

      sparkman123

      Is there a way to craft pfblockerng firewall rules such that they are only enforced for certain hosts/networks on the LAN?

      For instance, if I only want to have rules enforced for my VPN clients.

      Thanks

        Grimson Banned

        Sure, use one of the "Alias" options for the "List Action" and create the rules yourself. See: https://forum.pfsense.org/index.php?topic=142225.msg775638#msg775638

          sparkman123

          Ok thanks. I got that to work.

          But I guess I was looking for a way to bypass the firewall rules as well as DNSBL (i.e. I wanted a subnet on my LAN which would behave as though pfblockerng was not installed).

          I found this post:

          https://forum.pfsense.org/index.php?topic=119031.0

          which seems to suggest that the only way around DNSBL is to push an entirely separate DNS entry for the hosts that will bypass DNSBL. The problem with this though is that these hosts will not be able to take advantage of DNS over TLS as implemented in pfsense.

          Is there any other way to bypass DNSBL?
