1. Home
  2. pfSense Packages
  3. pfBlockerNG
  4. How to selectively bypass DNSBL

How to selectively bypass DNSBL

  • G

    I have pfBlockerNG set up with a number of good block lists and to make sure that an application doesn't try to go around it, all port 53 traffic gets redirected to pfSense. (So dig @8.8.8.8 blockeddomain.com will return the pfBlocker IP). One of the anti-malware lists includes drive.google.com (which I think is good idea since I only use google drive very rarely, but on those occasions when I want to use it, I need a way to get around it.)

    Any suggestions as to an adhoc method.?

    It's a home network and I have ultimate control, so I'd be open to some sort of script that patches the whitelist that goes away when the dnsbl reloads.

    Any ideas would be much appreciated.

    0 provels 1 Reply
  • provels

    @guardian If you have your own private computer, couldn't you just use a hosts file, since the computer looks there before it does any DNS?

    0
  • RonpfS

    From the Alerts Tab, you could Unlock a domain until next Cron Update or Whitelist it permanently.

    0 G 1 Reply
  • G

    Thanks @provels @RonpfS for the replies...

    @provels said in How to selectively bypass DNSBL:

    @guardian If you have your own private computer, couldn't you just use a hosts file, since the computer looks there before it does any DNS?

    That's a great idea @provels.... just tested it out, and it works! I should have thought of that ... I guess I'd make a lousy hacker. It's a bit of a PITA having to manually look up an IP address and edit the hosts file, but it is workable. I might be able to write a script to do a lookup over https and do the insert the lines/remove them when I am done.

    @RonpfS said in How to selectively bypass DNSBL:

    From the Alerts Tab, you could Unlock a domain until next Cron Update or Whitelist it permanently.
    I though that clicking the + permanently whitelisted an entry? Am I mistaken? If I do that is there an easy way to reverse this, or do I have to wait for an update? Can I just do a force reload?

    I know this might be asking for trouble, but could I directly edit a file in pfBlockerNG/pfSense to do a temporary whitelist? If possible I would like to avoid the reload as that takes a fair bit of time sine I have well over 1 million entries.

    0 provels 1 Reply
  • provels

    @guardian Blind squirrel finds nut!
    Pictures at 11!

    0 G 1 Reply
  • G

    @provels said in How to selectively bypass DNSBL:

    @guardian Blind squirrel finds nut!
    Pictures at 11!

    Sorry, but that one went over my head.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy