I’ve been browsing the forum but haven’t found a solution that fits my specific needs. I’m in the process of starting a grocery store and I’d like to implement pfBlocker in the following way:
Apply standard filters to all corporate, data center, and guest networks to block inappropriate content (e.g., pornography).
For PCI networks, I’d like a default “block all” setting, with allowances only for explicitly defined sites or services.
I’ve managed to get started using IPv4 custom lists, but I’m facing a challenge. I need to allow certain wildcard domains for Windows updates and other patch management requirements. I know that wildcard domain blocking generally falls under DNSBL, but I couldn’t figure out how to apply certain lists to specific networks.
How can I achieve this while maintaining a separate policy for the PCI VLAN?
Any guidance would be greatly appreciated.