OPNsense Forum

English Forums => Development and Code Review => Topic started by: cgwork on January 07, 2019, 08:33:26 pm

Title: Sensei by-pass rule
Post by: cgwork on January 07, 2019, 08:33:26 pm

Is there an a way i can add a rule for one static IP to bypass sensei filtering?

Title: Re: Sensei by-pass rule
Post by: mb on January 08, 2019, 06:17:00 am

Hi @cgwork,

For any destination hostname, you can write a whitelist via Web Controls -> User Defined Categories. Just add a new category and put the whitelisted domains into that. Make sure the green tick is there to have them whitelisted.

If you want to do the same for a specific source IP address, this is not possible with current functionality.

Upcoming premium edition will have Policy based filtering, which will enable you to create specific policies based on flow direction (incoming, outgoing, both), local IP addresses, local subnets, VLAN ids, Active Directory Groups or Users. You'll be able to customize Security, App Controls, Web Controls and TLS Inspection per policy. 

Title: Re: Sensei by-pass rule
Post by: cgwork on January 09, 2019, 03:20:46 pm

Good Morning, mb

I actually wanted to exclude a internal system to by-pass all the filtering for testing purpose. Do i do this also create an white list for it?

Perfect example is i tried to visit your site https://www.sunnyvalley.io and see a white page on both Firefox and Chrome. I even created a  Web Controls >  User Defined Categories > Testing > your website. Saved the changes but no joy.

Title: Re: Sensei by-pass rule
Post by: mb on January 10, 2019, 06:46:26 am

Hi @cgwork,

Understood now, thanks for the additional information.  In terms of source IP based whitelisting, we've designed it as part of policy based filtering, which will be part of the Premium subscription.