Show Posts
1
19.7 Legacy Series / Import of Hosts Table in Aliases
« on: May 23, 2019, 03:24:34 pm »
Hello there,
because of TLS 1.3 and the extension encrypting SNI combined with DNS-over-HTTPS there is only one method left to block certain domains for your LAN clients: block by IP address
So in Aliases we can use IP address lists that will even be updated if specified, but we cannot do the same with FQDNs for hosts.
For example: I'm able to add "www.somesiteyoushouldnotbeabletosee.com" to Host(s) and OPNsense will retrieve the IP address and block the connection (after I set up the firewall accordingly).
What I want is an option to link to a txt file or something similar containing just FQDNs and add them to Aliases.
Maybe even with category function like host names for porn sites, host names for social media, ...
So I can block those sites for LAN clients which use their own DNS and won't be fooled by a transparent proxy.
because of TLS 1.3 and the extension encrypting SNI combined with DNS-over-HTTPS there is only one method left to block certain domains for your LAN clients: block by IP address
So in Aliases we can use IP address lists that will even be updated if specified, but we cannot do the same with FQDNs for hosts.
For example: I'm able to add "www.somesiteyoushouldnotbeabletosee.com" to Host(s) and OPNsense will retrieve the IP address and block the connection (after I set up the firewall accordingly).
What I want is an option to link to a txt file or something similar containing just FQDNs and add them to Aliases.
Maybe even with category function like host names for porn sites, host names for social media, ...
So I can block those sites for LAN clients which use their own DNS and won't be fooled by a transparent proxy.