Potential bug with python group policy whitelist feature, makes queries unfiltered globally.

chrcoluk

Guys, I would appreciate if anyone could confirm this behaviour, I reported it on reddit but no response from bbcan17.

Setup a DNSBL.
Enable python, python control, python dnsbl, python group policy,
In the python group policy whitelist box add an IP of a device using pfsense DNS.
Force reload/update so everything is live.

Make sure the cache is cleared when doing this test.

Do a lookup of a filtered domain using a device that is NOT whitelisted, you should get filtered response.
Now do a lookup of the same filtered domain on the whitelisted device, and you should get the unfiltered response.
Now do the same lookup again on a device that is NOT whitelisted, and if it behaves the same way as mine, you will get a unfiltered response.

From what I can observe this will persist until the next time the cache is cleared.

Gertjan

@chrcoluk

Yep.
Is known : Problem with Python Group Policy - Cached Domains