NxFilter Tutorial

GUI - System
These are mostly system-wide settings for NxFilter.


System > Setup > Block and Authentication
- Block Redirection IP
This is the IP address of NxFilter itself. If there is a blocked DNS request, it will be redirected to this IP address. Normally, it will be populated automatically during the installation process.

When you use clustering, you can add multiple block redirection IP addresses separated by commas for redundancy.

- Silent Block

With this option enabled, NxFilter does not perform block redirection, so no block page is shown. This option is for users who want to block a website silently. In the user's browser, the block appears as a connection problem or a DNS resolution failure. This option is also useful when you want to hide the SSL warning caused by blocking an HTTPS request.
Even if you use the 'Silent Block' option, 'Block Redirection IP' is still needed for login redirection and some other internal purposes.

- Enable User Authentication

After you enable this option, any unauthenticated user will be redirected to NxFilter's login page.

- Login Domain

You can access NxFilter's login page using the domain set here.

When you try to access the login page using Login Domain, you may get an SSL warning. The solution is to use CxForward. To find out more, read CxForward and SSL warning.

- Logout Domain

If you send a DNS request for this domain, your login session will be cleared out. The easiest way of using this feature would be to enter the domain into your browser address bar.

- Login Session TTL

NxFilter keeps a login session after a user logs in. However, this login session needs to expire eventually, especially when a PC is shared by several users. If a user doesn't make any DNS request for the amount of time defined here, the login session expires and the user needs to log in again.

- Web Login Limit

With this option, you can set a limit on the number of devices a user can use in your network. This feature helps prevent users from sharing a privileged account to bypass filtering. To find out more, read How to limit the number of devices per user in your network with NxFilter v4.6.9.3.

- Disable Login Redirection

With this option enabled, NxFilter doesn't do login redirection. All the DNS packets from unauthenticated users will be dropped. This option is for hiding your server from DNS attackers when you deploy your server on the internet.


System > Setup > Syslog
NxFilter supports Syslog export and file export of its DNS log data. You can build your own reporting system with this feature, or monitor DNS requests in real time.

- Syslog Host

The host IP address to which you want to send your log data.

- Syslog Port

The UDP port of the target host.

- Export Blocked Only

With this option, NxFilter sends the log data of blocked DNS requests only.

- From Each Node

By default, a clustered NxFilter sends Syslog data only through its master node. When you enable this option, each node exports its own data.

- Use JSON Format

By default, NxFilter exports its log data as a pipe-separated character string. You can set it to export the data in JSON format.

- Enable Remote Logging

Enable Syslog export.

- Enable File Logging

Enable file export. NxFilter writes the DNS request log to the file /nxfilter/log/export.log.

To find out more, read DNS log exportation.

System > Setup > NetFlow
NxFilter supports bandwidth control, which works by importing NetFlow data. To find out more, read Bandwidth control with NxFilter.

- Router IP

The IP address of a device sending NetFlow data to NxFilter.

- Listen Port

The UDP port number of the NetFlow collector.

- Run Collector

Run the NetFlow collector. After changing this option, you need to restart NxFilter.


System > Setup > Misc
- Admin Domain
You can access NxFilter admin GUI using the domain set here. For example, if you set 'admin.example.com' to be your admin domain you can access your admin GUI by typing 'http://admin.example.com/admin' into your browser address bar.

This only works when you use NxFilter as your DNS server.

- Log Retention Period

If you keep your log data too long, you may have a disk space problem. You can set how long NxFilter keeps its log data here.

- SSL Only to Admin GUI

When you want to allow HTTPS access only to your admin GUI, enable this option.

- Auto Backup

NxFilter writes a backup file of its configuration to the /nxfilter/backup directory at 01:00 every day. The name of the backup file starts with the 'auto-' prefix. You can have up to 30 backups.

- Filter A Query Only

With this option enabled, NxFilter filters A and AAAA queries only. You will have a smaller traffic database and better performance.

- GUI Language

You can change the GUI language.

- GUI Date Format

You can change the GUI date format.
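
For the Auto Backup option above, a monitoring check that confirms the nightly backup actually ran. This is an added example, not part of NxFilter; the 25-hour freshness threshold is an assumption (one daily run plus an hour of slack), while the directory, prefix and limit of 30 come from the text.

```python
import os
import time

BACKUP_DIR = "/nxfilter/backup"   # directory named in the tutorial
PREFIX = "auto-"                  # prefix of automatic backup files
MAX_BACKUPS = 30                  # retention limit stated in the tutorial

def check_auto_backups(backup_dir=BACKUP_DIR, now=None, max_age_hours=25):
    """Describe the automatic backups in backup_dir and list any problems.

    max_age_hours is an assumed threshold, not an NxFilter setting.
    """
    now = time.time() if now is None else now
    try:
        names = os.listdir(backup_dir)
    except FileNotFoundError:
        return {"count": 0, "newest": None,
                "problems": [f"{backup_dir} does not exist"]}

    entries = []
    for name in names:
        path = os.path.join(backup_dir, name)
        if name.startswith(PREFIX) and os.path.isfile(path):
            st = os.stat(path)
            entries.append((st.st_mtime, name, st.st_size))
    entries.sort(reverse=True)  # newest first

    problems = []
    if not entries:
        problems.append("no automatic backups found")
    else:
        mtime, name, size = entries[0]
        age_hours = (now - mtime) / 3600
        if age_hours > max_age_hours:
            problems.append(f"newest backup {name} is {age_hours:.0f}h old")
        if size == 0:
            problems.append(f"newest backup {name} is empty")
    if len(entries) > MAX_BACKUPS:
        problems.append(f"{len(entries)} backups present, expected at most {MAX_BACKUPS}")
    return {"count": len(entries),
            "newest": entries[0][1] if entries else None,
            "problems": problems}

if __name__ == "__main__":
    result = check_auto_backups()
    print(result)
    raise SystemExit(1 if result["problems"] else 0)
```

Run from cron or a monitoring agent, the non-zero exit code signals a missing, stale or empty backup.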


System > Admin
You can change the admin name and password for GUI login here.


System > Sub-Admin
You can create sub-admin accounts and set GUI access permissions for them.


System > Alert
NxFilter sends an email for recent blocking or access violations. If you want to send an alert email to 'admin@example.com' from 'alert200@nxfilter.org' every 15 minutes, the setup would look like this:

  • Admin Email : admin@example.com
  • SMTP Host : smtp.nxfilter.org
  • SMTP Port : 25
  • SSL/TLS : None
  • SMTP User : alert200@nxfilter.org
  • SMTP Password : ********
  • Alert Period : Every 15 minutes

When you set this up, NxFilter also sends alert emails for system related events. However, 'CC Recipients' is only for access violation by your filtering policies.

You can select the events you want to be notified about when a DNS request gets blocked.


System > GUI Access Control
IP-based access control for the GUI.


System > Backup
You can create and download a backup file for the current configuration of NxFilter.


System > Block Page
You can set up your own block page, login page, password page and welcome page. When you edit your block page, you can use the following variables, which NxFilter populates, to make the block page more informative.

  • #{domain} : Blocked domain
  • #{reason} : Reason for block
  • #{user} : Logged-in username
  • #{group} : Groups of the logged-in user
  • #{policy} : The applied policy
  • #{category} : Categories of the blocked domain
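
A way to check a custom block page before pasting it into the GUI, using the six variables listed above. This is an added example, not NxFilter code: it flags placeholders outside that list (typos would otherwise show up literally on the block page) and renders a local preview. The template, the sample values and the HTML escaping are the preview tool's own and are constructed for illustration.

```python
import html
import re

# The six variables the tutorial lists for the block page.
KNOWN_VARS = {"domain", "reason", "user", "group", "policy", "category"}
PLACEHOLDER = re.compile(r"#\{([^}]*)\}")

def unknown_placeholders(template):
    """Return placeholder names not in the documented list, in first-seen order."""
    seen = []
    for name in PLACEHOLDER.findall(template):
        if name not in KNOWN_VARS and name not in seen:
            seen.append(name)
    return seen

def render_preview(template, values):
    """Fill documented variables with HTML-escaped sample values.

    Unknown placeholders are left untouched so they stand out in the preview.
    """
    def substitute(match):
        name = match.group(1)
        if name in KNOWN_VARS and name in values:
            return html.escape(str(values[name]), quote=True)
        return match.group(0)
    return PLACEHOLDER.sub(substitute, template)

# Constructed sample template; '#{ticket}' is a deliberate mistake.
SAMPLE_TEMPLATE = """<html><body>
<h1>Access to #{domain} is blocked</h1>
<p>Reason: #{reason} (category: #{category})</p>
<p>User #{user} in #{group}, policy #{policy}</p>
<p>Ticket: #{ticket}</p>
</body></html>"""

# Constructed sample values for the preview only.
SAMPLE_VALUES = {
    "domain": "ads.example.com", "reason": "Blocked by category",
    "user": "jdoe", "group": "staff", "policy": "Default",
    "category": "Ads <test>",
}

if __name__ == "__main__":
    print("Unknown placeholders:", unknown_placeholders(SAMPLE_TEMPLATE))
    print(render_preview(SAMPLE_TEMPLATE, SAMPLE_VALUES))
```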


System > Mobile Config
This is a template for the .mobileconfig file. It is used to generate a user-specific DNS over HTTPS setup profile for iOS and macOS devices.


System > Clustering
NxFilter has built-in clustering. You can make your NxFilter a master node or a slave node in a cluster. After you change the values in the cluster setup, you need to restart NxFilter to apply the new settings. To find out more about clustering, read Clustering with NxFilter.


System > License
When you purchase a license, you will receive a file containing a license key. You can activate the license key here.