Different profiles for different zones?



  • Getting lots of value from this - especially now that I have surplus resources to throw at it!

    I've got this set up pretty sweet, especially with the addition of some of my own lists (expanded from uBlock Origin, PiHole, et al). It's pretty much killed most of the unwanted content - mostly ads - across my network, as intended.

    Thanks.

    What I'm wondering is if it's possible to have different filtering "profiles" - i.e. one that serves as a sort of net-nanny (filtering possible adult content), and another for other potentially dodgy stuff.

    The reason is that I've set up a segregated/segmented/sandboxed DMZ for lab-use & Open guest hotspot, so that visitors to my home-office & neighbourhood kids can simply get online with little to no hassle, but that their content is quite severely restricted so as not to land me in hot water (possibly with the additional use of an upstream filtering provider, such as CleanBrowsing & kb.adguard [dot] com/en/general/dns-providers).

    But I do not want this highly restrictive filtering to be applied to my LAN & trusted lab zone, though I still need filtering (so pointing it straight to an upstream DNS provider such as 1.1.1.1, 9.9.9.9 or 8.8.8.8 is not ideal).


  • Moderator

    Not currently, but you can bypass DNSBL for some segments:
    https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips



  • To be clear, I don't want this to be a binary prospect - filtering as either on OR off - but rather applied to profiles, e.g. for the "Open Guest net" as pretty super-restrictive (block ads, porn, other 'dodgy' content), say a "family zone" (blocking ads & porn but not other content, such as sex-ed or 'hacking'), "I'm-a-grown-ass-adult" (only block ads) & "lab" (only possible malware).

    I oversee another site (makerspace) in a public space where 'hacking' should be allowed/encouraged, torrent trackers blocked (though 'legit' use OK), and CosPlay is a regular feature (& by extension Furries get-ups are worked on), so nudity is OK, but hard-core porn is not (as part of our agreement with our patron/landlord).

    I certainly appreciate that this will do absolutely nothing to prevent anyone from using 1.1.1.1 as their primary DNS or standing up a VPN tunnel, but at least I want to ensure I've made a clear effort to keep house in order.


  • Moderator

    @jakes
    Yes, this will be possible with the upcoming Unbound python integration, but this "profile" feature is not currently completed. I agree that this will be a great feature to have, including scheduling times for rules to apply to different profiles...

    There are some screenshots and info of the upcoming version on my Patreon page: https://www.patreon.com/pfBlockerNG

