Bypassing pfblocker for a specific static ip?



  • Did a lot of reading here, and there seems to be a bit of confusion or debate on how to.

    This of course may be due to old posts of old versions.

    I want to bypass pfblocker for a single ip.

    Thoughts?



  • If you are using static mappings in the DHCP, I believe that one alternative to modifying unbound's custom options would be to specify DNS servers in the DHCP static mapping(s) of the host(s) that you wish to exclude from DNSBL. Of course, this is only if you're willing to use other DNS servers. For example:
    [screenshot]
    That way, the host(s) won't use the pfSense machine for DNS at all. Note that you would need to take additional steps for this to work if you have also configured a NAT port forward to redirect any DNS requests from hosts on your LAN to unbound.

    Also, keep in mind DNSBL IPs (if enabled), which are handled via firewall rules instead of unbound:
    [screenshot]

    If you want certain static IPs to also be excluded from this, you can set the list action to Alias Deny, as in my screen shot, and then create your own block rules that do not apply to the static IP(s) in question. Or you could leave the List Action set to one of the "Deny" options that automatically creates rules, but configure advanced rules that exclude your static IP(s):
    [screenshot]

    @BBcan177, if any of this is terrible or misguided advice, please feel free to set me straight 😉

