"native" mode Family Protect and Allow Rules

Comments

2 comments

  • Firewalla

    Yes, an allow rule will work. But why? Do you want those devices to hide? What you can do is block DoH, and then set up DoH on the LAN side; this way, your DNS requests are encrypted and hidden from the ISP, and Firewalla can still see them.

    The Native family mode does have adult content, tracking and a few other things blocked, which is similar to the OpenVPN version. We may add a few other things in the future.

  • Stuart

    I already have DoH set up globally with NextDNS. It's working fine.

    However, the options I've selected for that main profile at NextDNS are too strict for a couple of devices/users and I needed to create another profile with different options. The easiest way to apply that different profile is to have these other devices use the NextDNS client, which uses DoH, and is set to connect directly to NextDNS and use this other profile.

    Another way I could do it would be if I could set up multiple DoH connections in Firewalla instead of the single one possible now. Then if I could direct some devices to use one of the DoH connections to NextDNS and direct other devices to use the other DoH connection to NextDNS, I could make this work. (I suppose you could also use it if you wanted some devices to use one DoH DNS provider and other devices to use another DoH DNS provider.)

    I do want to block DoH in general on my network so that nothing will bypass what I have set up with NextDNS. (I also created a rule to block port 853 so nothing can use DoT to bypass.)

    I would have added a redirect for port 53 to force all DNS queries to be done by Firewalla and thus the DoH connection to NextDNS, but I found that seems to already be set up by default.
