Netgate Discussion Forum

    How to selectively bypass DNSBL

    pfBlockerNG
    6 Posts 3 Posters 940 Views
    • guardian Rebel Alliance

      I have pfBlockerNG set up with a number of good block lists and to make sure that an application doesn't try to go around it, all port 53 traffic gets redirected to pfSense. (So dig @8.8.8.8 blockeddomain.com will return the pfBlocker IP). One of the anti-malware lists includes drive.google.com (which I think is a good idea since I only use google drive very rarely, but on those occasions when I want to use it, I need a way to get around it.)

      Any suggestions as to an ad hoc method?

      It's a home network and I have ultimate control, so I'd be open to some sort of script that patches the whitelist that goes away when the dnsbl reloads.

      Any ideas would be much appreciated.

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

      • provels @guardian

        @guardian If you have your own private computer, couldn't you just use a hosts file, since the computer looks there before it does any DNS?

        Peder

        MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

        • RonpfS

          From the Alerts Tab, you could Unlock a domain until next Cron Update or Whitelist it permanently.

          2.4.5-RELEASE-p1 (amd64)
          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          • guardian Rebel Alliance @RonpfS

            Thanks @provels @RonpfS for the replies...

            @provels said in How to selectively bypass DNSBL:

            @guardian If you have your own private computer, couldn't you just use a hosts file, since the computer looks there before it does any DNS?

            That's a great idea @provels.... just tested it out, and it works! I should have thought of that ... I guess I'd make a lousy hacker. It's a bit of a PITA having to manually look up an IP address and edit the hosts file, but it is workable. I might be able to write a script to do a lookup over https and insert the lines/remove them when I am done.

            @RonpfS said in How to selectively bypass DNSBL:

            From the Alerts Tab, you could Unlock a domain until next Cron Update or Whitelist it permanently.

            I thought that clicking the + permanently whitelisted an entry? Am I mistaken? If I do that is there an easy way to reverse this, or do I have to wait for an update? Can I just do a force reload?

            I know this might be asking for trouble, but could I directly edit a file in pfBlockerNG/pfSense to do a temporary whitelist? If possible I would like to avoid the reload as that takes a fair bit of time since I have well over 1 million entries.

            If you find my post useful, please give it a thumbs up!
            pfSense 2.7.2-RELEASE
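
Added example, not part of any post in this thread: one way to script the temporary hosts-file override discussed above, with a lookup over HTTPS and tagged lines that can be removed again. The `MARKER` tag, the function names and the use of Google's `dns.google/resolve` JSON endpoint are assumptions made for this sketch.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

MARKER = "# temp-dnsbl-override"        # constructed tag: identifies lines this script added
DOH_URL = "https://dns.google/resolve"  # assumption: Google's JSON DNS-over-HTTPS endpoint


def doh_lookup(hostname, url=DOH_URL):
    """Resolve hostname to IPv4 addresses over HTTPS, so port 53 redirection is not involved."""
    query = urllib.parse.urlencode({"name": hostname, "type": "A"})
    req = urllib.request.Request(f"{url}?{query}", headers={"Accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        answers = json.load(resp).get("Answer", [])
    # Keep A records only (type 1) and validate each value before it can reach the hosts file.
    return [str(ipaddress.IPv4Address(a["data"])) for a in answers if a.get("type") == 1]


def remove_override(hosts_text, hostname=None):
    """Drop tagged lines (all of them, or only those for hostname); keep everything else."""
    kept = []
    for line in hosts_text.splitlines():
        fields = line.split()
        tagged = line.rstrip().endswith(MARKER)
        if tagged and (hostname is None or hostname in fields[1:2]):
            continue
        kept.append(line)
    return "".join(entry + "\n" for entry in kept)


def add_override(hosts_text, hostname, addresses):
    """Append one tagged line per address, replacing any earlier override for hostname."""
    lines = remove_override(hosts_text, hostname).splitlines()
    lines += [f"{ip}\t{hostname}\t{MARKER}" for ip in addresses]
    return "".join(entry + "\n" for entry in lines)


def apply_override(path, hostname, enable):
    """Rewrite the hosts file at path; needs root/administrator rights on a real system."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    if enable:
        text = add_override(text, hostname, doh_lookup(hostname))
    else:
        text = remove_override(text, hostname)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
```

Hosts entries are static, so they go stale if the service changes addresses; removing the override when finished returns the name to the DNSBL answer from pfSense.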

            • provels @guardian

              @guardian Blind squirrel finds nut!
              Pictures at 11!

              Peder

              MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
              BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

              • guardian Rebel Alliance @provels

                @provels said in How to selectively bypass DNSBL:

                @guardian Blind squirrel finds nut!
                Pictures at 11!

                Sorry, but that one went over my head.

                If you find my post useful, please give it a thumbs up!
                pfSense 2.7.2-RELEASE
