GUI - System
These are mostly system-wide settings for NxFilter.
System > Setup > Block and Authentication
- Block Redirection IP
This is the IP address of NxFilter itself. If there is a blocked DNS request, it will be redirected
to this IP address. Normally, it will be populated automatically during the installation process.
- Silent Block
With this option enabled, we don't do block redirection. So, there's no block page to be shown. This option is for
the users wanting to block a website silently. On user browser, it will be appeared as a connection problem or a DNS
resolution failure. This option is also useful when you want to hide the SSL warning from blocking HTTPS request.
- Enable User Authentication
After you enable this option, any unauthenticated user will be redirected to NxFilter's login page.
- Login Domain
You can access NxFilter's login page using the domain set here.
- Logout Domain
If you send a DNS request for this domain, your login session will be cleared out. The easiest way of using this feature
would be to enter the domain into your browser address bar.
- Login Session TTL
NxFilter keeps a login session after a user logged in. However, this login session needs to be expired eventually.
It is especially required when there is a shared PC by several users. If a user doesn't make any DNS request
for the specified amount of time defined here, his login session will be expired and the user needs to login
again.
- Web Login Limit
- Disable Login Redirection
With this option enabled, NxFilter doesn't do login redirection. All the DNS packets from unauthenticated
users will be dropped. This option is for hiding your server from DNS attackers when you deploy your server on
the internet.
System > Setup > Syslog
NxFilter supports Syslog exportation and file exportation of its DNS log data. You can build your own reporting system with this feature
or you can monitor DNS requests in a real-time way.
- Syslog Host
The host IP address to which you want to send your log data.
- Syslog Port
UDP port of a target host.
- Export Blocked Only
With this option, NxFilter sends the log data of blocked DNS request only.
- From Each Node
At default, Clustered NxFilter sends Syslog data only through its master node. When you enable this option,
each node exports its own data.
- Use JSON Format
At default, NxFilter exports its log data as a pipe-separated character string. You can set it to export the data
in JSON format.
- Enable Remote Logging
Enable Syslog exportation.
- Enable File Logging
Enable file exportation. It will write DNS request log into /nxfilter/log/export.log file.
System > Setup > NetFlow
NxFilter supports bandwidth control. It is possible by importing NetFlow data.
To find out more, read Bandwidth control with NxFilter
- Router IP
The IP address of a device sending NetFlow data to NxFilter.
- Listen Port
The UDP port number of NetFlow collector.
- Run Collector
Run NetFlow collector. After change this option, you need to restart NxFilter.
System > Setup > Misc
- Admin Domain
You can access NxFilter admin GUI using the domain set here. For example, if you set 'admin.example.com'
to be your admin domain you can access your admin GUI by typing 'http://admin.example.com/admin' into your
browser address bar.
- Log Retention Period
If you keep your log data too long, you may have a disk space problem. You can set how long NxFilter keeps
its log data here.
- SSL Only to Admin GUI
When you want to allow HTTPS access only to your admin GUI, enable this option.
- Auto Backup
NxFilter makes a backup file for its configuration into /nxfilter/backup directory on 01:00 everyday.
The name of the backup file starts with 'auto-' prefix. You can have up to 30 backups.
- Filter A Query Only
With this option enabled, NxFilter filters A and AAAA queries only. You will have a smaller
traffic database and better performance.
- GUI Language
You can change GUI language.
- GUI Date Format
You can change GUI date format.
System > Admin
You can change admin name and password for GUI login here.
System > Sub-Admin
You can create sub-admin accounts and set GUI access permissions for them.
System > Alert
NxFilter sends an email for recent blocking or access violation. If you want to send an alert email to 'admin@example.com' from
'alert200@nxfilter.org' every 15 minutes then the setup would look like the below.
- Admin Email : admin@example.com
- SMTP Host : smtp.nxfilter.org
- SMTP Host : 25
- SSL/TLS : None
- SMTP User : alert200@nxfilter.org
- SMTP Password : ********
- Alert Period : Every 15 minutes
When you set this up, NxFilter also sends alert emails for system related events. However, 'CC Recipients'
is only for access violation by your filtering policies.
System > GUI Access Control
IP based access control for GUI.
System > Backup
You can create and download a backup file for the current configuration of NxFilter.
System > Block Page
You can set up your own block page, login page, password page, welcome page. When you edit your block page you can use
the following variables populated by NxFilter for making your block page more informative.
- #{domain} : Blocked domain
- #{reason} : Reason for block
- #{user} : Logged-in username
- #{group} : Groups of the logged-in user
- #{policy} : The applied policy
- #{category} : Categories of the blocked domain
System > Mobile Config
This is for a template for .mobileconfig file. This template is for generating a user specific DNS over HTTPS setup profile for iOS and macOS devices.
System > Clustering
NxFilter has a built-in clustering. You can make your NxFilter to be a master node or a slave node in a cluster.
After you change the values in cluster setup you need to restart NxFilter to apply the new settings.
To find out more about clustering, read Clustering with NxFilter
System > License
When you purchase a license, you will receive a file containing a license key. You can activate the license key here.