Netgate Discussion Forum

PFBlockerNG Bypass for specific IP address

    slbailey617
    last edited by Aug 18, 2021, 5:57 PM

    I have enabled pfblocker with ad blocking, etc. on my network. Works great...

    Except for one thing... The wife plays a game on her iPad that gives her benefits by watching ads.

    Is there a way I can bypass her ad blocking on the specific IP address of her iPad?

    I see where I can whitelist certain domains but short of sniffing the wire while she's playing I can't find all the domains they route you to.

    Plus I really don't want to enable those domains on every device. I'd rather lock her workstation down to a specific IP address and allow her to bypass pfblocker.

    Ideas?

      awebster @slbailey617
      last edited by Aug 18, 2021, 7:27 PM

      @slbailey617 After you've locked the device to a specific IP (DHCP reservation or static IP), you will need to change the default pfBlocker rule order so that you can have your own rules before any pfBlocker rules, and then put a LAN firewall rule to allow her device's IP access to the Internet before any pfBlocker rules.

      –A.

        slbailey617 @awebster
        last edited by Aug 18, 2021, 7:32 PM

        @awebster I'm not seeing the PFBlocker rules for the DNSBL groups... That's the only rule I want to override for her IP... Don't DNSBL any requests from her IP.

          awebster @slbailey617
          last edited by Aug 18, 2021, 7:52 PM

          @slbailey617 Sorry, I missed the DNSBL part. DNSBL will return the virtual blacklisted IP to the clients who request a blocked domain, so rules won't help here.
          An easier mechanism might be to provide alternate DNS servers for that one client, i.e., use 8.8.8.8 instead of the pfSense DNS service.

          –A.

            Uglybrian
            last edited by Aug 21, 2021, 12:38 PM

            Hi, you can also add the static IP to the DNSBL Python Group Policy.

              slbailey617 @Uglybrian
              last edited by Aug 21, 2021, 12:43 PM

              @uglybrian I like this solution better. I will try this and see if it works.
