Messages - anna

#1
Hi,

Q: How can one do wildcard domain blacklisting in v22?

Due to unfortunate circumstances I've been tasked to also manage the OPNsense v22.7.11 firewall of a humanitarian NGO, which has a very complex configuration and various modifications and software additions programmed by their sysadmin, who is no longer amongst us :(
This means that I can't just upgrade to a new OPNsense version and have to make do with v22 for now.

I'm only used to working with OPNsense v23..25, and have to put a list of domains in the Unbound blocklist of this v22 box, which doesn't seem to allow domain wildcards in the list like "*.domain.tld".

The log states: "blocklist download http://10.1.1.1/blocklist.txt (lines: 36 exclude: 24 block: 4)"
It is excluding the wildcard entries and only accepting the few FQDN lines.

Some suggest doing domain blacklisting by adding a custom Unbound config file which uses [local-zone: "evil.com" always_nxdomain].
But that is not maintainable by the NGO people themselves over time, as they will not modify system files. They are, however, able to update a simple blocklist text file, which OPNsense loads via the GUI.

I've been searching forums, reading documentation, and trying various options for 2 days now, and have reached my wit's end.

Can anyone point me in the right direction?

Kindest regards,
*anna.
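As an added illustration (not part of anna's post, and not OPNsense's own code), the following script converts a plain-text blocklist containing "*.domain.tld" wildcards and bare FQDNs into the `local-zone ... always_nxdomain` form mentioned in the post. Because an Unbound local-zone applies to the zone and every name below it, a wildcard entry and its bare apex collapse to the same rule, and entries already covered by a listed parent zone are dropped. The sample list, the function names and the filtering rules are assumptions made here for the example.

```python
import re

# Constructed sample blocklist in the style the post describes (not a real list).
SAMPLE_BLOCKLIST = """\
# constructed sample, not a real blocklist
*.evil.example
ads.evil.example
tracker.example.
*.Tracker.EXAMPLE
bad host
plain.example
"""

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_blocklist(text):
    """Return sorted zone names. '*.x' and 'x' both become 'x'; comments, blank
    lines and malformed names are skipped; names under a listed zone are dropped."""
    zones = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not line:
            continue
        if line.startswith("*."):
            line = line[2:]  # wildcard and apex map to the same local-zone
        labels = line.split(".")
        if len(labels) < 2 or not all(LABEL_RE.match(lbl) for lbl in labels):
            continue  # never emit a malformed name into the resolver config
        zones.add(line)

    def covered_by_parent(zone):
        parts = zone.split(".")
        return any(".".join(parts[i:]) in zones for i in range(1, len(parts)))

    return sorted(z for z in zones if not covered_by_parent(z))


def to_unbound_config(text):
    """Emit one 'local-zone' line per zone; always_nxdomain also covers subdomains."""
    return [f'local-zone: "{zone}" always_nxdomain' for zone in parse_blocklist(text)]


if __name__ == "__main__":
    print("\n".join(to_unbound_config(SAMPLE_BLOCKLIST)))
```

Run it against the downloaded blocklist and place the output in the custom Unbound configuration; how that file is included on the v22 box is not covered by the post.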