Netgate Discussion Forum

    Need help to convert iptables/dnsmasq scripts under pfSense

      pfcode

      Hi, All

      I'm really a newbie to pfSense. I currently have a Netgear R7000 (DD-WRT) router, and I am trying to build my old computer into a pfSense firewall router. On my R7000 router:

      1. There is a firewall script (see below). How do I implement it under pfSense?

      #Speed up YouTube
      iptables -A INPUT -s 173.194.55.0/24 -j DROP
      iptables -A INPUT -s 206.111.0.0/16 -j DROP

      2. I have some scripts under the router's DNSmasq commands (see below). How do I implement them under pfSense?

      address=/router.home/192.168.1.1
      address=/voip.home/192.168.1.114
      address=/nas1.home/192.168.1.107
      address=/nas2.home/192.168.1.123

      Thanks much for the help.

      William

      Release: pfSense 2.4.3(amd64)
      M/B: Supermicro A1SRi-2558F
      HDD: Intel X25-M 160G
      RAM: 2x8Gb Kingston ECC ValueRAM
      AP: Netgear R7000 (XWRT), Unifi AC Pro

        doktornotor Banned

        1/ You create a block rule via the GUI. Not sure what's the point though, all inbound traffic from WAN is blocked by default.
        2/ You can use this as is in Services - DNS Forwarder - Advanced, or use the GUI to set up the same Host Overrides.

          pfcode

          @doktornotor:

          1/ You create a block rule via the GUI. Not sure what's the point though, all inbound traffic from WAN is blocked by default.

          You may see here: http://www.dslreports.com/forum/r28071070-How-to-Reddit-YouTube-firewall-rule-with-MI424wr

            doktornotor Banned

            The block rule needs to go to LAN interface(s), with those ranges as destination. (Certainly does not speed up anything here.)

              pfcode

              @doktornotor:

              2/ You can use this as is in Services - DNS Forwarder - Advanced, or use the GUI to set up the same Host Overrides.

              I got this set up, but when I try entering "router.home" in the browser, I get an error:

              Potential DNS Rebind attack detected, …., try accessing the router by IP address instead of by host name

              How to solve this?

              Thanks

                doktornotor Banned

                By reading the notes in the GUI. System - Advanced - Admin Access (DNS Rebind Check, Alternate Hostnames).

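A simplified sketch of the kind of Host-header check behind the error quoted above, added here as an example; it is not pfSense's code and not code from anyone in this thread. The function names, the hostname `pfsense`, the domain `localdomain` and the sample Host values are assumptions constructed for illustration.

```python
import ipaddress

def host_only(host_header):
    """Return the lower-cased host part of an HTTP Host header (no port, no brackets)."""
    h = host_header.strip().lower()
    if h.startswith("[") and "]" in h:      # bracketed IPv6, e.g. [::1]:8443
        return h[1:h.index("]")]
    if h.count(":") == 1:                   # name:port or IPv4:port
        h = h.split(":", 1)[0]
    return h.rstrip(".")                    # tolerate a trailing root dot

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def rebind_check(host_header, hostname, domain, alt_hostnames=(), enabled=True):
    """Decide whether a GUI request passes the check. Returns (allowed, reason)."""
    if not enabled:
        return True, "check disabled"
    name = host_only(host_header)
    if is_ip_literal(name):
        # An IP in the Host header was typed directly, not resolved through DNS,
        # so it cannot be a name that was rebound to the router's address.
        return True, "IP literal"
    # Names the firewall knows as its own (assumed: hostname, FQDN, alternates).
    known = {hostname.lower(), f"{hostname}.{domain}".lower()}
    known |= {a.lower().rstrip(".") for a in alt_hostnames}
    if name in known:
        return True, "known hostname"
    # Any other name pointing at the GUI is treated as a possible rebind.
    return False, "potential DNS rebind"

if __name__ == "__main__":
    # Constructed sample requests against an assumed pfsense.localdomain.
    samples = [("192.168.1.1", []), ("router.home", []),
               ("router.home", ["router.home"]),
               ("rebind.example.net", ["router.home"])]
    for host, alts in samples:
        print(host, alts, rebind_check(host, "pfsense", "localdomain", alts))
```

Listing `router.home` under Alternate Hostnames corresponds to passing it in `alt_hostnames`, which keeps the check active for every other name; `enabled=False` accepts any Host value.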
                  pfcode

                  @doktornotor:

                  By reading the notes in the GUI. System - Advanced - Admin Access (DNS Rebind Check, Alternate Hostnames).

                  Appreciated.  Lots of stuff to learn for me.

                    killmasta93

                    #Speed up YouTube
                    iptables -A INPUT -s 173.194.55.0/24 -j DROP
                    iptables -A INPUT -s 206.111.0.0/16 -j DROP
                    

                    pfcode, does it really speed up YouTube? I thought YouTube had a large amount of ip tables. I tried blocking them all and failed miserably. LOLZ :-[

                    Tutorials:

                    https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                      pfcode

                      @killmasta93:

                      #Speed up YouTube
                      iptables -A INPUT -s 173.194.55.0/24 -j DROP
                      iptables -A INPUT -s 206.111.0.0/16 -j DROP
                      

                      pfcode, does it really speed up YouTube? I thought YouTube had a large amount of ip tables. I tried blocking them all and failed miserably. LOLZ :-[

                      Yes, it does sometimes.
