Snort with PfBlockerNG-devel

I have been tuning my setup for some time and still have some issues with SIP, gaming, and some web sites like Monoprice.

I have a pretty large whitelist and have the top10m enabled; does anyone know of a few other good lists to help?

Example

Sprint Wi-Fi calling was having issues, so I have it working better by doing the following; I still need to fix all of the SMS and MMS. The IMS FQDN should have helped with that but seems not to be 100%.
*osscdns01.spcsdns.net
*epdg.imcns.spcdns.net
*imcns.spcdns.net
*primgw.vowifi2.spcdns.net
*primgw.vowifina.spcdns.net
*segw.vowifi.spcdns.net
*vowifi2.ims.spcdns.net

The Signal app is still having issues; I still need to DNS dig that.

Rockstar Games had issues until I did this. I think there are a few others; I really need to # comment them…
*signin.rockstargames.com
*rockstargames.com

Perfect world for STO
pwigc2.perfectworld.com
pwiwest4.perfectworld.com
pwieast2.perfectworld.com
pwieu3.en.perfectworld.eu
fwwest1.perfectworld.com
fweast2.perfectworld.com
fweast1.perfectworld.com
fweast1.perfectworld.com
fweu1.en.perfectworld.eu
fweu1.en.perfectworld.eu
fweu1.en.perfectworld.eu
*perfectworld.com

I even had issues with Google Drive.

I think a lot of this comes down to SSL handshake issues or HTTP leaks from poor dev work. I don't want to turn off those rules, because there are some good attack vectors for them, seeing as I do host a few things. Anyone know of some good, reliable lists for what to whitelist? I was looking at whitelisting a few ASNs, but with cloud hosting being used by so many vendors, they seem to not update the ASNs with those IPs more often than not.

A good example is something like the UniFi controller setup script: I ACL the hell out of that VM and only allow traffic to select external IPs over VPN, and LAN-isolate them with inbound only, no outbound LAN to LAN/VLAN.

Also, I have not found an answer to this, but it seems to work this way, though not always: the pfBlocker whitelist does help override Snort killing something, right?


Update: Signal looks to be
*cdn2.signal.org
*cdn2.signal.org.cdn.cloudflare.net
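The whitelist above has repeated lines (fweast1 and fweu1 appear more than once) and host entries that are already covered by a broader wildcard (the `*perfectworld.com` and `*rockstargames.com` lines), and the poster wants `#` comments on the groups. The script below is an added example for cleaning up such a list before pasting it back into pfBlockerNG; it is not code from pfBlockerNG or from the poster. It assumes, as the post does, that a leading `*` means "this domain and every subdomain" (check the DNSBL whitelist help text in your pfBlockerNG-devel version before relying on that prefix), that `#` starts a comment, and it only touches the pfBlockerNG side: Snort on pfSense keeps its own pass lists, which this does not generate. The sample input is constructed from a subset of the post's entries.

```python
"""Normalize a pfBlockerNG-style DNSBL whitelist: dedupe, drop hosts already
covered by a wildcard, and keep '# comment' group headers.

Added example, not pfBlockerNG's code. Assumptions: a leading '*' (or '.')
marks a wildcard covering all subdomains; '#' starts a comment.
"""


def parse(text):
    """Yield (domain, wildcard, label) for each entry.

    A '# ...' line becomes the label for the entries that follow it, which is
    the commenting convention the post wishes for.
    """
    label = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            label = line.lstrip("# ").strip()
            continue
        line = line.split("#", 1)[0].strip().lower()   # strip trailing comment
        wildcard = line.startswith(("*", "."))
        domain = line.lstrip("*.").rstrip(".")          # '*foo.com' -> 'foo.com'
        if domain:
            yield domain, wildcard, label


def covered_by(domain, wildcard_domain):
    """True if domain equals wildcard_domain or is a subdomain of it."""
    return domain == wildcard_domain or domain.endswith("." + wildcard_domain)


def normalize(text):
    """Return (kept, dropped).

    kept: [(domain, wildcard, label)] in first-seen order.
    dropped: [(domain, reason)] so the operator can review what was removed.
    """
    seen = {}        # domain -> (wildcard, label); dict keeps insertion order
    dropped = []
    for domain, wildcard, label in parse(text):
        if domain in seen:
            if wildcard and not seen[domain][0]:
                seen[domain] = (True, seen[domain][1])  # exact entry upgraded to wildcard
            else:
                dropped.append((domain, "duplicate"))
            continue
        seen[domain] = (wildcard, label)

    wildcards = [d for d, (w, _) in seen.items() if w]
    kept = []
    for domain, (wildcard, label) in seen.items():
        shadow = next((w for w in wildcards if w != domain and covered_by(domain, w)), None)
        if shadow:
            dropped.append((domain, "covered by *" + shadow))
        else:
            kept.append((domain, wildcard, label))
    return kept, dropped


def render(kept):
    """Render kept entries grouped under their '# label' comment headers."""
    out = []
    current = None
    for domain, wildcard, label in kept:
        if label and label != current:
            if out:
                out.append("")
            out.append("# " + label)
        current = label
        out.append(("*" if wildcard else "") + domain)
    return "\n".join(out)


# Constructed sample input: a subset of the post's entries with the duplicates
# and the wildcard-shadowed hosts left in on purpose.
SAMPLE = """\
# Sprint Wi-Fi calling
*imcns.spcdns.net
*epdg.imcns.spcdns.net
*vowifi2.ims.spcdns.net
# Rockstar
*signin.rockstargames.com
*rockstargames.com
# Perfect World / STO
pwigc2.perfectworld.com
fweast1.perfectworld.com
fweast1.perfectworld.com
fweu1.en.perfectworld.eu
*perfectworld.com
"""

if __name__ == "__main__":
    kept, dropped = normalize(SAMPLE)
    print(render(kept))
    print()
    for domain, reason in dropped:
        print("dropped %-28s %s" % (domain, reason))
```

Run it against a pasted whitelist and review the `dropped` report before replacing the list: an entry reported as "covered by *x" is only redundant if the wildcard really does match subdomains in your pfBlockerNG version, which is the assumption the script makes.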