Enforce pfBlockerNG for specific hosts/networks
-
Is there a way to craft pfBlockerNG firewall rules such that they are only enforced for certain hosts/networks on the LAN?
For instance, if I only want to have rules enforced for my VPN clients.
Thanks
-
Sure, use one of the "Alias" options for the "List Action" and create the rules yourself. See: https://forum.pfsense.org/index.php?topic=142225.msg775638#msg775638
-
Ok thanks. I got that to work.
But I guess I was looking for a way to bypass the firewall rules as well as DNSBL (i.e. I wanted a subnet on my LAN which would behave as though pfBlockerNG was not installed).
I found this post:
https://forum.pfsense.org/index.php?topic=119031.0
which seems to suggest that the only way around DNSBL is to push an entirely separate DNS entry for the hosts that will bypass DNSBL. The problem with this, though, is that these hosts will not be able to take advantage of DNS over TLS as implemented in pfSense.
Is there any other way to bypass DNSBL?