Netgate SG-1000 microFirewall

Author Topic: Whitelisting advice....  (Read 257 times)

0 Members and 1 Guest are viewing this topic.

Offline GlennNZ

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Whitelisting advice....
« on: December 31, 2017, 02:47:21 pm »
Hi BBcan177

Thanks a lot for PfblockerNG a very powerful addition to any pfSense box I would think.

I have had DNSBL running for months flawlessly blocking ads for all connected devices - makes an enormous change to the browsing experience. 

As my knowledge with PfSense grew I discovered that other than top_4 blocks I was not applying any ivp4 filtering with Pfblock (other than separate DNSBL).

I have a question regarding whitelisting..

Is there any way with Ivp4 blocking (other that a higher order whitelist) to remove IPs from the blocklist?
What I was looking for is - Like what occurs with DNSBL Custom whitelist? 
ie. I donít want to whitelist the IP - I just want to make sure it isnít in the blocklist.  (which is currently made up of multiple feeds)

Have a whitelist setup of needed to pass IPs (mainly xboxlive related stuff for family) but realise this gives pretty free access and would prefer to have these domains filtered and removed from the blocklist.

Asking a question is always a good way to come up with  answer -- is what I am after the SuppresionList Alias?  I may have failed to look there as was expecting a within pfblockerNG setting (like my experience with pfblockerNG DNSBL whitelisting )

Thanks for you time


« Last Edit: December 31, 2017, 07:29:49 pm by GlennNZ »

Offline BBcan177

  • Moderator
  • Hero Member
  • *****
  • Posts: 2608
  • Karma: +824/-5
    • View Profile
    • Click for Support
Re: Whitelisting advice....
« Reply #1 on: January 03, 2018, 04:08:26 pm »
To overcome an IP blocked event, you have two choices:

1) Suppression - This is limited to only /32 and /24 blocked events.

2) Add the IP to a Permit Alias, that will permit the IP outbound, before the Block rules take effect.
"Experience is something you don't get until just after you need it."

 | | Twitter @BBcan177  | #pfBlockerNG |