New Member
Posts: 10
Registered: ‎01-24-2019

ER-X model - How to whitelist/blacklist sites?

https://help.ubnt.com/hc/en-us/articles/218732788-EdgeRouter-Create-a-Firewall-Rule-using-Deep-Packe...

 

The article above, for the Edge X router, does not work; when I go through the steps, the router then moves to a 169.x.x.x IP and becomes useless.

I don't see anything regarding the X in the material.

 

Any nudge appreciated.

 

Chris

New Member
Posts: 10
Registered: ‎01-24-2019

Re: ER-X model - How to whitelist/blacklist sites?

Well, I overlooked a step. I was applying the interface to all LAN ports and not the WAN port (eth0).

 

Now, facebook is blocked.

New Member
Posts: 10
Registered: ‎01-24-2019

Re: ER-X model - How to whitelist/blacklist sites?

My ultimate goal is to apply the theory of least access, meaning I'd like to block ALL sites and then allow what I see fit, in regards to surfing the web.

Established Member
Posts: 888
Registered: ‎06-17-2015
Kudos: 177
Solutions: 52

Re: ER-X model - How to whitelist/blacklist sites?

New Member
Posts: 10
Registered: ‎01-24-2019

Re: ER-X model - How to whitelist/blacklist sites?

Seems like a lot of work for something that should be included with the router's CLI??

New Member
Posts: 10
Registered: ‎01-24-2019

Re: ER-X model - How to whitelist/blacklist sites?

https://help.ubnt.com/hc/en-us/articles/218732788-EdgeMax-Create-a-Firewall-Rule-using-Deep-Packet-I...

 

Using that, I am unable to block Yahoo.

 

Please advise. Thanks for any help.

 

Chris

Veteran Member
Posts: 7,957
Registered: ‎03-24-2016
Kudos: 2076
Solutions: 912

Re: ER-X model - How to whitelist/blacklist sites?

If the ER is running dnsmasq, the example below might be an option.

set firewall group address-group MSUPDATE4
#creates empty group. Use dnsmasq to populate the corresponding ipset
set service dns forwarding options ipset=/windowsupdate.microsoft.com/update.microsoft.com/windowsupdate.com/download.microsoft.com/ntservicepack.microsoft.com/MSUPDATE4

It creates an empty group and uses dnsmasq queries to populate the group.

The group can be referenced in firewall rules.

 

Adapt at will into blacklist or whitelist group
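
The default-deny whitelist asked about earlier in the thread, built on the dnsmasq ipset approach from the last reply, as an added example that is not from any poster or from Ubiquiti documentation. The group name ALLOWED_WEB, the ruleset name LAN_WHITELIST, the domains example.com and example.org, and switch0 as the ER-X LAN interface are assumptions to adapt.

```edgeos
configure

# Empty address-group; dnsmasq fills the matching ipset at lookup time.
set firewall group address-group ALLOWED_WEB description "Filled by dnsmasq"

# Every address returned for these domains (and their subdomains) is added
# to ALLOWED_WEB. The domains are placeholders.
set service dns forwarding options ipset=/example.com/example.org/ALLOWED_WEB

# Ruleset for traffic the LAN sends THROUGH the router: drop by default.
set firewall name LAN_WHITELIST default-action drop
set firewall name LAN_WHITELIST description "LAN to WAN, whitelist only"

# Rule 10: keep replies of already-permitted connections flowing.
set firewall name LAN_WHITELIST rule 10 action accept
set firewall name LAN_WHITELIST rule 10 description "Established/related"
set firewall name LAN_WHITELIST rule 10 state established enable
set firewall name LAN_WHITELIST rule 10 state related enable

# Rule 20: allow web traffic only to addresses in the whitelist group.
set firewall name LAN_WHITELIST rule 20 action accept
set firewall name LAN_WHITELIST rule 20 description "HTTP/HTTPS to whitelist"
set firewall name LAN_WHITELIST rule 20 protocol tcp
set firewall name LAN_WHITELIST rule 20 destination port 80,443
set firewall name LAN_WHITELIST rule 20 destination group address-group ALLOWED_WEB

# Apply in the "in" direction on the LAN interface (switch0 is assumed).
# "in" filters forwarded traffic only; DHCP, DNS and management traffic
# addressed to the router itself belong to the "local" direction and are
# not touched by this ruleset.
set interfaces switch switch0 firewall in name LAN_WHITELIST

commit ; save
exit

# After a client has resolved a whitelisted name through the router,
# confirm that the set has been populated:
sudo ipset list ALLOWED_WEB
```

The set only fills when clients resolve names through the router's dnsmasq, so a client using an external resolver or DNS over HTTPS will find every site blocked rather than whitelisted. Addresses shared by many sites on a CDN are allowed as a whole, and anything that is not TCP 80/443 to the group (NTP, mail, VPN) is dropped until a rule is added for it.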