dnsfilter domain-filter
Use this command to configure static domain filter lists that control access to specific domains.
config dnsfilter domain-filter
    edit {id}
    # Configure DNS domain filters.
        set id {integer}   ID. range[0-4294967295]
        set name {string}   Name of table. size[35]
        set comment {string}   Optional comments. size[255]
        config entries
            edit {id}
            # DNS domain filter entries.
                set id {integer}   Id. range[0-4294967295]
                set domain {string}   Domain entries to be filtered. size[511]
                set type {simple | regex | wildcard}   DNS domain filter type.
                        simple     Simple domain string.
                        regex      Regular expression domain string.
                        wildcard   Wildcard domain string.
                set action {block | allow | monitor}   Action to take for domain filter matches.
                        block     Block DNS requests matching the domain filter.
                        allow     Allow DNS requests matching the domain filter without logging.
                        monitor   Allow DNS requests matching the domain filter with logging.
                set status {enable | disable}   Enable/disable this domain filter.
            next
    next
end
Additional information
The following section is for those options that require additional explanation.
config entries
Use this configuration method to specify the static domains, determine their filter types, and the course of action to take upon detection.
action {block | allow | monitor}
Either block (set by default), allow, or monitor when the filter matches the domain.
domain <host-name>
Domain/host name to subject to filtering. Note that this cannot be a URL, as DNS can only resolve host names.
status {enable | disable}
Enable (by default) or disable this static domain filter.
type {simple | regexp | wildcard}
Set the domain type:
- simple: Simple domain/host name; requires an exact match (set by default).
- regexp: Allow use of PCRE regular expressions.
- wildcard: Allow wildcard characters for partial matching to a domain.
Wildcard entries are converted to regular expressions by FortiOS. As a result of this conversion, wildcards will match any suffix, as long as there is a word boundary following the search term. For example:
    config entries
        edit 1
            set domain "*.host"
            set type wildcard
        next
    end
will match
To avoid this, use an explicit regular expression search string:
    config entries
        edit 1
            set domain "^.*\\.host$"
            set type regexp
        next
    end
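The over-matching described above can be checked before an entry is deployed. The following Python sketch is an added example, not FortiOS code: the conversion in wildcard_to_regex is an assumed model built only from the behaviour stated on this page (no end anchor, a word boundary after the term), and the function names and host names are constructed for illustration.

```python
import re

def _body(pattern):
    # Escape literal characters and turn each '*' into '.*'.
    return "".join(".*" if ch == "*" else re.escape(ch) for ch in pattern)

def wildcard_to_regex(pattern):
    """Assumed model of the wildcard conversion: the term only has to be
    followed by a word boundary, and nothing anchors the end of the name."""
    return _body(pattern) + r"\b"

def anchored_regex(pattern):
    """Explicit form recommended on this page: anchored at both ends."""
    return "^" + _body(pattern) + "$"

def overmatches(pattern, names):
    """Return names the modelled wildcard matches but the anchored regex rejects."""
    loose = re.compile(wildcard_to_regex(pattern))
    strict = re.compile(anchored_regex(pattern))
    return [n for n in names if loose.search(n) and not strict.search(n)]

# Constructed host names, not taken from the page.
SAMPLE_NAMES = [
    "www.host",                 # intended match for "*.host"
    "www.host.example.net",     # extra suffix after a word boundary ('.')
    "www.host-backup.example",  # '-' also forms a word boundary
    "www.hostname.example",     # no boundary after "host", so no match
]

if __name__ == "__main__":
    print("modelled wildcard regex:", wildcard_to_regex("*.host"))
    print("anchored regex:        ", anchored_regex("*.host"))
    for name in overmatches("*.host", SAMPLE_NAMES):
        print("matched only by the wildcard form:", name)
```

Any name this reports for an entry with action allow or block is one the wildcard would act on but the anchored regular expression would not.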