DNSBL for different wans or conditional DNSBL
-
I want to block a set of domains, specifically streaming sites, when a WAN group fails over to an LTE gateway.
I've tried/looked into doing this with firewall rules based on IP addresses resolved by pfBlockerNG, but the resolved IP addresses are either too narrow or too broad, especially for a service like YouTube, where I also need access to other Google/Gmail services.
I think a DNS blacklist would be a simpler solution, except it needs to be conditional: accessible when the regular WAN is active but disabled when the LTE WAN is active.
I think the easiest solution would be a second firewall between the LTE wan and the main firewall but I was trying to avoid that.
I think I could have a script fire when failover happens, but I haven't looked into that too much yet. I was concerned that would devolve into more complexity than I care to manage.
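The "script fires on failover" idea from the post, as an added example that is not part of the original post or of pfSense/pfBlockerNG: a small POSIX shell script that looks at which interface currently carries the default route and, when that is the LTE interface, adds an `always_nxdomain` local zone in Unbound for each streaming domain, removing those zones again when the regular WAN is back. It assumes a FreeBSD/pfSense box whose Unbound resolver has `unbound-control` enabled, an LTE interface name (`ue0` is an assumption; set `LTE_IF` to yours) and a constructed block-list file path (`/usr/local/etc/streaming-block.txt`, one domain per line). The functions are kept separate so the decision logic can be exercised with `DRY_RUN=1` before anything touches the resolver.

```shell
#!/bin/sh
# Added example, not from the original post. Toggles a list of streaming
# domains in Unbound depending on which interface carries the default route.
# Assumptions: FreeBSD/pfSense with the Unbound resolver and unbound-control
# enabled; LTE_IF is the LTE gateway's interface (assumed "ue0" here);
# BLOCKLIST is a constructed path to a file with one domain per line.

LTE_IF="${LTE_IF:-ue0}"
BLOCKLIST="${BLOCKLIST:-/usr/local/etc/streaming-block.txt}"
DRY_RUN="${DRY_RUN:-0}"

# Interface currently holding the default route (parsed from FreeBSD
# `route -n get default`, which prints an "interface: <name>" line).
default_if() {
    route -n get default 2>/dev/null | awk '/interface:/ { print $2 }'
}

# "block" when the default route is via the LTE interface, otherwise "allow"
# (an empty/unknown interface therefore leaves the domains reachable).
desired_state() {
    if [ "$1" = "$LTE_IF" ]; then echo block; else echo allow; fi
}

# Run a command, or only print it when DRY_RUN=1.
run_cmd() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Add or remove a blocking local zone for one domain. The always_nxdomain
# zone type makes Unbound answer NXDOMAIN for the name and everything under it.
set_domain() {
    if [ "$2" = block ]; then
        run_cmd unbound-control local_zone "$1" always_nxdomain
    else
        run_cmd unbound-control local_zone_remove "$1"
    fi
}

# Apply a state ("block" or "allow") to every domain in the list file.
# Blank lines and '#' comment lines are skipped.
apply() {
    state="$1"; listfile="$2"
    while IFS= read -r domain || [ -n "$domain" ]; do
        case "$domain" in ""|\#*) continue ;; esac
        set_domain "$domain" "$state"
    done < "$listfile"
}

main() {
    iface=$(default_if)
    state=$(desired_state "$iface")
    echo "default route via ${iface:-unknown}: ${state}ing streaming domains"
    apply "$state" "$BLOCKLIST"
}

# Only act when invoked explicitly, e.g. from a cron entry run every minute.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

Two caveats for this approach: zones added through `unbound-control` live in the running daemon only, so after pfSense restarts Unbound (which it does on several config events) the script has to run again, which is why a periodic cron run is a better fit than a one-shot failover hook; and `always_nxdomain` on `youtube.com` does not touch `google.com` or `mail.google.com`, which is exactly the separation that IP-based rules could not give.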