Netgate Discussion Forum

    Blocking all but the whitelist.

      dabone

      Is it possible to use this to block all but a few websites using pfBlocker?

      I'd like to just block all DNS requests except for whitelisted domains.

      Thanks.

        BBcan177 Moderator

        Not really in the package, but you could probably do that in the pfSense Unbound Adv. Configuration settings using "local-zone" "static" settings.

        https://www.unbound.net/documentation/unbound.conf.html

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          mhab12

          https://forum.netgate.com/post/774687

            BBcan177 Moderator

            @mhab12 said in Blocking all but the whitelist.:

            https://forum.netgate.com/post/774687

            Using a "dot" in Squid is the same for Unbound. Create a "local-zone" with ".", and then define all the "local-data" entries that you want to allow. Any local-data not defined will return nxdomain.

            From the Unbound docs link posted previously:

            local-zone: <zone> <type>

            static
                If there is a match from local data, the query is answered.
                Otherwise, the query is answered with nodata or nxdomain.
                For a negative answer a SOA is included in the answer if
                present as local-data for the zone apex domain.
            

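The setup described in the last reply, written out as Unbound custom options. This is an added example, not configuration posted in the thread; the domain names, TTLs and addresses are constructed placeholders (reserved `.example` names and 192.0.2.0/24 documentation addresses).

```conf
# Added example, not from the thread. All names and addresses below are
# constructed placeholders.
# In the pfSense DNS Resolver custom options box, start with "server:".
server:
    # Treat the root as a local zone of type "static": a name with no
    # matching local-data below is answered with nxdomain (or nodata)
    # by the resolver itself and is never looked up upstream.
    local-zone: "." static

    # Allowed names. Every hostname needs its own record; a record for
    # "intranet.example." does not cover "www.intranet.example.".
    # The address is pinned here, so it has to be maintained by hand
    # if the site changes address.
    local-data: "intranet.example. 3600 IN A 192.0.2.10"
    local-data: "www.intranet.example. 3600 IN A 192.0.2.10"
    local-data: "updates.example. 3600 IN A 192.0.2.20"

    # Optional SOA at the zone apex. Per the quoted documentation it is
    # included in negative answers when present as local-data.
    local-data: ". 3600 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 3600"

    # Going beyond the thread: for an allowed site whose addresses are
    # not fixed, a more specific zone of type "transparent" with no
    # local-data is resolved normally instead of being pinned, e.g.
    # replace the updates.example local-data line above with:
    # local-zone: "updates.example." transparent
```

After the resolver reloads, a query for a listed name should return the pinned address and a query for any other name should return NXDOMAIN. This only governs answers from this resolver; clients that query a different DNS server are unaffected unless firewall rules restrict outbound DNS.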
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.