New Member
Posts: 10
Registered: 4 weeks ago

ER-X model - How to whitelist/blacklist sites?

https://help.ubnt.com/hc/en-us/articles/218732788-EdgeRouter-Create-a-Firewall-Rule-using-Deep-Packe...

 

The article above, for the Edge X router, does not work. When I go through the steps, the router then moves to a 169.x.x.x IP and becomes useless.

I don't see anything regarding the X in the material.

Any nudge appreciated.

Chris

New Member
Posts: 10
Registered: 4 weeks ago

Re: ER-X model - How to whitelist/blacklist sites?

Well, I overlooked a step. I was applying the interface to all LAN ports and not the WAN port (eth0).

Now, Facebook is blocked.

New Member
Posts: 10
Registered: 4 weeks ago

Re: ER-X model - How to whitelist/blacklist sites?

My ultimate goal is to apply the theory of least access, meaning I'd like to block ALL sites and then allow what I see fit, in regards to surfing the web.

Established Member
Posts: 807
Registered: ‎06-17-2015
Kudos: 164
Solutions: 50

Re: ER-X model - How to whitelist/blacklist sites?

New Member
Posts: 10
Registered: 4 weeks ago

Re: ER-X model - How to whitelist/blacklist sites?

Seems like a lot of work for something that should be included with the router's CLI??

New Member
Posts: 10
Registered: 4 weeks ago

Re: ER-X model - How to whitelist/blacklist sites?

https://help.ubnt.com/hc/en-us/articles/218732788-EdgeMax-Create-a-Firewall-Rule-using-Deep-Packet-I...

 

Using that, I am unable to block Yahoo.

 

Please advise. Thanks for any help.

 

Chris

Veteran Member
Posts: 7,609
Registered: ‎03-24-2016
Kudos: 1979
Solutions: 871

Re: ER-X model - How to whitelist/blacklist sites?

If the ER is running dnsmasq, the example below might be an option.

set firewall group address-group MSUPDATE4
#creates empty group. Use dnsmasq to populate the corresponding ipset
set service dns forwarding options ipset=/windowsupdate.microsoft.com/update.microsoft.com/windowsupdate.com/download.microsoft.com/ntservicepack.microsoft.com/MSUPDATE4

It creates an empty group and uses dnsmasq queries to populate the group.

The group can be referenced in firewall rules.

Adapt at will into a blacklist or whitelist group.
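
The following is an added example, not part of the post above or of any Ubiquiti or dnsmasq code. It models how the `ipset=` option quoted in the post decides which DNS answers end up in the address group, using dnsmasq's documented domain-and-subdomain matching. The function names and the DNS answers are constructed for illustration, and rejecting empty fields is an assumption of this model.

```python
# Added example: models how dnsmasq's ipset= option maps DNS answers to a set.
# The DNS answers below are constructed sample data (documentation IP ranges).

def parse_ipset_option(option):
    """Split 'ipset=/dom1/dom2/.../SET1[,SET2]' into (domains, set names)."""
    key, _, value = option.partition("=")
    if key.strip() != "ipset" or not value.startswith("/"):
        raise ValueError("expected ipset=/<domain>/.../<setname>")
    parts = value.strip().split("/")[1:]  # drop the empty field before the first '/'
    if len(parts) < 2 or not all(parts):  # assumption: this model rejects empty fields
        raise ValueError("need at least one domain and one set name")
    domains = [d.lower().rstrip(".") for d in parts[:-1]]
    sets = parts[-1].split(",")
    return domains, sets

def matches(qname, domain):
    """Whole-label suffix match: the domain itself or any subdomain of it."""
    qname = qname.lower().rstrip(".")
    return qname == domain or qname.endswith("." + domain)

def populate(option, answers):
    """Return {set name: addresses} after the given DNS answers pass through."""
    domains, sets = parse_ipset_option(option)
    members = {name: set() for name in sets}
    for qname, addrs in answers:
        if any(matches(qname, d) for d in domains):
            for name in sets:
                members[name].update(addrs)
    return members

# The option string exactly as given in the post.
OPTION = ("ipset=/windowsupdate.microsoft.com/update.microsoft.com/windowsupdate.com"
          "/download.microsoft.com/ntservicepack.microsoft.com/MSUPDATE4")

# Constructed DNS answers: (queried name, resolved addresses).
SAMPLE_ANSWERS = [
    ("windowsupdate.com", ["192.0.2.10"]),                       # exact match
    ("fe2.update.microsoft.com", ["192.0.2.20", "192.0.2.21"]),  # subdomain match
    ("notwindowsupdate.com", ["198.51.100.5"]),                  # not a label-boundary match
    ("www.microsoft.com", ["203.0.113.7"]),                      # parent domain is not listed
]

if __name__ == "__main__":
    for name, addrs in populate(OPTION, SAMPLE_ANSWERS).items():
        print(name, sorted(addrs))
```

The group only gains an address when a client resolves a listed name through the router's dnsmasq, so it starts empty and clients using a different resolver never populate it. A whitelist rule built on such a group therefore also depends on clients using the router for DNS.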
