Firewall DNS Rules



  • Ok, I'm a little lost on making DNS Server Rules where Rule1 would allow the usage of the OpenDNS and then Rule2 would deny the use of anything else.  Reasoning is so that my son can statically change his DNS to avoid being filtered…



  • To make an alias:
    Go to Firewall->Aliases
    Click the + sign
    Type in the name and description
    Click the + sign at the bottom twice
    Add the following IPs each on their own line: your firewall, 208.67.222.222, 208.67.220.220.

    Now for the rules:
    Go to Firewall->Rules->Opt1
    Click the + sign

    then (I have listed only the options which you need to edit):
    Protocol: TCP/UDP
    Destination Type: Single Host or Alias
    Destination Address: whatever you named the alias
    Destination Port Range from & to: DNS

    Click save.



  • @XIII:

    To make an alias:
    Go to Firewall->Aliases
    Click the + sign
    Type in the name and description
    Click the + sign at the bottom twice
    Add the following IPs each on their own line: your firewall, 208.67.222.222, 208.67.220.220.

    Now for the rules:
    Go to Firewall->Rules->Opt1
    Click the + sign

    then (I have listed only the options which you need to edit):
    Protocol: TCP/UDP
    Destination Type: Single Host or Alias
    Destination Address: whatever you named the alias
    Destination Port Range from & to: DNS

    Click save.

    Wow.  You have really been helpful.  I created an Alias just for OpenDNS so that is all that would be accepted under the OPT1 interface.  Then the second rule rejects all port 53.  Thanks again for taking the time to explain this.
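
Added example, not part of the original thread and not pfSense's own code: a small Python model of the two OPT1 rules described above, evaluated top-down with the first matching rule deciding, which is how pfSense processes interface rules. The firewall address 192.168.2.1, the sample destinations, and the trailing allow-everything rule are assumptions made for illustration.

```python
from ipaddress import ip_address

# Alias from the thread: the firewall itself plus the two OpenDNS resolvers.
# 192.168.2.1 is a constructed stand-in for "your firewall".
OPENDNS_ALIAS = {"192.168.2.1", "208.67.222.222", "208.67.220.220"}

# Rules as (action, protocols, destinations, port); None means "any".
ALLOW_OPENDNS = ("pass", {"tcp", "udp"}, OPENDNS_ALIAS, 53)
REJECT_OTHER_DNS = ("reject", {"tcp", "udp"}, None, 53)
ALLOW_REST = ("pass", None, None, None)  # assumed rule for all other traffic


def evaluate(rules, proto, dst, port):
    """Return the action of the first rule that matches (top-down order)."""
    dst = str(ip_address(dst))  # validate and normalise the address
    for action, protos, dests, rule_port in rules:
        if protos is not None and proto not in protos:
            continue
        if dests is not None and dst not in dests:
            continue
        if rule_port is not None and port != rule_port:
            continue
        return action
    return "block"  # nothing matched: default deny


def audit(rules):
    """Run constructed sample packets through one rule order."""
    samples = {
        "opendns_udp": ("udp", "208.67.222.222", 53),
        "firewall_tcp": ("tcp", "192.168.2.1", 53),
        "static_dns_udp": ("udp", "198.51.100.53", 53),  # client-set resolver
        "static_dns_tcp": ("tcp", "198.51.100.53", 53),
        "web": ("tcp", "203.0.113.10", 443),
    }
    return {name: evaluate(rules, *pkt) for name, pkt in samples.items()}


INTENDED = [ALLOW_OPENDNS, REJECT_OTHER_DNS, ALLOW_REST]   # order from the thread
SWAPPED = [REJECT_OTHER_DNS, ALLOW_OPENDNS, ALLOW_REST]    # reject placed first
NO_REJECT = [ALLOW_OPENDNS, ALLOW_REST]                    # second rule missing

if __name__ == "__main__":
    for label, rules in (("intended", INTENDED), ("swapped", SWAPPED),
                         ("no reject", NO_REJECT)):
        print(label, audit(rules))
```

With the reject rule placed first, even OpenDNS lookups are refused; with it missing, a statically configured resolver passes through the allow-everything rule.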



  • Correct. You are welcome. I got this from the pfSense Docs/Book.



  • @XIII:

    Correct. You are welcome. I got this from the pfSense Docs/Book.

    You know I've skimmed through it but I never even thought about an Alias as I've never used them before.  Very handy.

