Diversion [SOLVED] Exclude subnet from Diversion blocking

[kstamand]

I've searched the forum and was unable to find anything related to excluding a whole subnet from Diversion, but I welcome feedback / tips on how to search better if related posts exist.

I am familiar with bypassing for a singled device using DNS Director and have been successful with this approach - but I have more than a handful to deal with and looking for something more dynamic..

My goal is to exclude all devices in a given subnet (a specific Guest network SSID/IP range) from Diversion blocking - family coming for the holidays and the hate the blocking I have in place.

Can Diversion be setup to exclude all clients in a given subnet? If not, is there a way to accomplish this with dnsmasq configuration (I am familiar with dnsmasq.postconf processing)?

 

[thelonelycoder]

Can Diversion be setup to exclude all clients in a given subnet? If not, is there a way to accomplish this with dnsmasq configuration (I am familiar with dnsmasq.postconf processing)?

Nein, that is not a feature that Diversion offers.
This would need a separate Dnsmasq instance and I doubt this can be done with a dnsmasq.postconf file as this affects only the main instance where Diversion runs on.

 

[kstamand]

@thelonelycoder thanks for the response, much appreciated and a follow question to you or others in the know.

Would the following type of approach be a possible option? If yes, I might try my hand at hacking together a prototype script for community feedback (I'm no where near skilled at the level of those like yourself and others I see on this forum, but willing to try and learn).
- dynamically update associated LAN DNSDirector nvram entries (e.g. dnsfilter_rulelist) whenever a specific range of IP addresses are assigned
* I looked at user script DHCP-EVENT and it appears that only fires for the WAN interface and I don't know if there is a similar event that fires for other interfaces??
### Update - found the answer to the DHCP-EVENT question, it appears the dnsmasq "dhcp-script" option may be where one could possibly trigger this work flow. Please correct me if I'm mistaken ###
** I would need help finding references / documentation on the meaning, layout, and options of the associated nvram entries (sample below and not sure if these would be all related??)
nvram show | grep dnsfilter
dnsfilter_custom1=1.1.1.1
dnsfilter_custom2=1.0.0.1
dnsfilter_custom3=8.8.8.8
dnsfilter_custom61=
dnsfilter_custom62=
dnsfilter_custom63=
dnsfilter_enable_x=1
dnsfilter_mode=11
dnsfilter_rulelist1=
dnsfilter_rulelist2=
dnsfilter_rulelist3=
dnsfilter_rulelist4=
dnsfilter_rulelist5=
dnsfilter_rulelist1=
dnsfilter_rulelist2=
dnsfilter_rulelist3=
dnsfilter_rulelist4=
dnsfilter_rulelist5=
dnsfilter_rulelist=<>7A:2C:29:84:B0:AD>8

 

[thelonelycoder]

Would YazFi be an option? https://www.snbforums.com/threads/yazfi-v4-x-continued.83846/
It is available trough amtm.

 

[kstamand]

Did not realize the latest version of YazFi had "Extend DNS Filter to guest networks" capabilities.

Worked like a charm and always - THANKS!!!