PF DNS specific filtering

Hello everybody,

Is it possible to filter outgoing DNS requests according to their content?
e.g: to deny access to the website: "the-bad-site.com" (as an example)

If yes, is it possible to show me how?

Furthermore, is it even possible to filter packets according to their payload using only open source firewalls (without using probes like Snort or something else...)?

Many thanks in advance.
 
Not possible with PF alone because PF is a layer 3 packet filter and it has no capability to look inside the data payload for filtering purposes. You'll need something that can do "Layer 7" filtering instead.
 
Not possible with PF alone because PF is a layer 3 packet filter and it has no capability to look side the data payload for filtering purposes. You'll need something that can do "Layer 7" filtering instead.

Thank you for your feedback... So now. I have no other choice than to write a module for PF to add this feature :)
 
Thank you for your feedback... So now. I have no other choice than to write a module for PF to add this feature :)

PfSense and maybe OPNsense as well are capable of limited Layer 7 filtering so you might want to take a look at them first.
 
You might also want to have a look at Wikipedia: OpenDNS. You should be able to configure, for example, unbound or named to forward DNS queries to OpenDNS. That will give you some protection. They even have paid services, in case you want more/better filtering.
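One way to set up what that answer describes, as an added example that is not from the thread: an unbound configuration for the firewall host that forwards queries to OpenDNS, and, going one step beyond the answer, also refuses lookups for the domain named in the question so the block does not depend on the upstream service. The LAN address 192.0.2.1 and the prefix 192.0.2.0/24 are assumed placeholders; the OpenDNS resolver addresses are the ones OpenDNS publishes.

```conf
# unbound.conf (added example, not from the thread). Runs on the PF host,
# serves the LAN, blocks one domain locally and forwards the rest to OpenDNS.
server:
    # LAN-facing address of the firewall: assumed placeholder, adjust to yours
    interface: 192.0.2.1
    # only the LAN may query this resolver; anything else gets REFUSED
    access-control: 192.0.2.0/24 allow
    access-control: 0.0.0.0/0 refuse
    # log every query so blocked lookups show up in unbound's log
    log-queries: yes
    # the domain from the question: answer NXDOMAIN for it and every
    # subdomain, regardless of what the upstream resolver would return
    local-zone: "the-bad-site.com" always_nxdomain
    # do not reveal resolver identity/version to CHAOS-class queries
    hide-identity: yes
    hide-version: yes

# everything not handled by a local-zone goes to OpenDNS
forward-zone:
    name: "."
    # OpenDNS public resolver addresses as published by OpenDNS
    forward-addr: 208.67.222.222
    forward-addr: 208.67.220.220
```

Clients only get the protection if they cannot reach other resolvers, so pair this with PF rules that allow TCP/UDP port 53 from the LAN only to 192.0.2.1 and block it elsewhere. Run `unbound-checkconf` on the file before reloading unbound.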