John's question about IPv6 and DNS over HTTPS.

  • John's question about IPv6 and DNS over HTTPS.

    Does NxFilter work with Internet connections that support IPv6? Can I add an IPv6 address as an upstream?

    Also, I have been trying to configure the upstream DNS using a private HTTPS address (Cloudflare Gateway), but it seems that it won’t allow me to enter it. Is there a way of getting around this?

  • #2
    If it's about pointing NxFilter using its IPv6 address, read https://tutorial.nxfilter.org/i-faq....s-support-ipv6

    If it's about setting an upstream server for NxFilter using an IPv6 address, why? You don't have an IPv4 address of your upstream server?

    There are 2 kinds of DoH for NxFilter: NxFilter as a DoH client and NxFilter as a DoH server. We support both. In your case, it seems like you want to use it as a DoH client. Set it on 'DNS > Setup > DNS over HTTPS'. There's a Cloudflare option.


    • #3
      Hi,

      Yes, I am using IPv4, but my ISP also supports IPv6, which I would like to use. At home I am currently using AdGuard Home and it supports IPv6 for upstream and DNS over HTTPS as well. I would like to do the same setup with NxFilter, replacing AdGuard Home.

      I can see that Cloudflare is an option in the DNS over HTTPS section but I would like to add my own. How do I edit it?

      Thanks,
      Last edited by John UK; 12-08-2022, 11:16 AM.


      • #4
        We don't support an IPv6 address for the upstream server address at the moment as it is not necessary. Any reason for using IPv6 except your personal preference?

        We only support Cloudflare and Google DNS at the moment. Which one do you want to use and what's the reason? Any better than Cloudflare or Google DNS?


        • #5
          I manage and look after websites that also have IPv6 addresses. Plus it is future-proofing too.

          I use Cloudflare Gateway, which provides me with my own private DNS over HTTPS URL. I use this as my secondary web filtering in case NxFilter (AdGuard Home at the moment) misses a bad site. Also, it provides me with 90 days of logs too.

          With AdGuard Home I just use my private DNS over HTTPS as my main upstream and that provides me with fast, encrypted DNS and IPv6 access. If this is something that you can add, that would be great!

          I have also installed NxFilter at a private small college and it is working great! But I was wondering if you provide an SSL certificate that I can use with Group Policy so that the block page and filtering work over HTTPS connections? I have pushed out CxForward, which works well, but pushing out an SSL certificate would be a lot easier and it would mean other web browsers would work :-)


          • #6
            Yeah, that personal HTTPS URL means something as we provide such a feature as well. We can look into it. But not so sure about IPv6 access. Maybe we need it in the future, but it's not so urgent.

            What kind of SSL certificate are you talking about? Can you match all the domains with one certificate? You will end up with a wrong-domain warning from your browser. Can you bypass that with GPO?


            • #7
              The SSL certificate allows the block page to be shown on HTTPS websites. Smoothwall, Fortinet, Sophos and Cloudflare have a certificate that you push out using GPO. It is known as "HTTPS Interception". I have included some links for your own information :-)

              https://kb.smoothwall.com/hc/en-us/a...n-BYOD-devices

              https://developers.cloudflare.com/cl...oudflare-cert/


              • #8
                They don't look like they are about DNS filtering. Smoothwall is a web filter based on a web proxy like Squid. And they require you to install the certificate to look into your HTTPS traffic. And it looks like Cloudflare also has such a kind of product. So, they provide a certificate.

                You can have your own certificate on NxFilter, https://tutorial.nxfilter.org/i-faq.php#custom-ssl

                I don't think it will work anyway unless you have some kind of magic certificate matching all domains.

                There was a solution using SSLSplit in the old days, https://groups.google.com/g/nxfilter...m/psxRH0qMAQAJ

                But using SSLSplit has its own problems, like not finding the proper block reason on the block page and the login page not working. So, we thought CxForward was a better solution.


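The "one certificate matching all domains" point discussed in #6 to #8, as an added example that is not part of the thread and is not NxFilter code: simplified RFC 6125 hostname matching in Python, run over constructed data. The certificate names and hostnames (all under `.example`) and the function names are assumptions made for illustration.

```python
# Added example (not NxFilter code): why one block-page certificate cannot
# satisfy the browser for every blocked HTTPS site under DNS redirection.

def san_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN entry against a hostname.

    Simplified RFC 6125 rules: case-insensitive, a wildcard is honoured only
    as the whole left-most label, and it stands for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*" and len(p_labels) > 1:
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(san_list, host):
    """True if any SAN entry on the certificate matches the hostname."""
    return any(san_matches(p, host) for p in san_list)


def warnings_for(san_list, hosts):
    """Hostnames for which the browser would report a name mismatch."""
    return [h for h in hosts if not cert_covers(san_list, h)]


# Constructed data: SAN entries on a hypothetical block-page certificate, and
# the names the browser asked for before DNS sent it to the block page.
BLOCK_PAGE_SANS = ["block.filter.example", "*.filter.example"]
REQUESTED_HOSTS = [
    "block.filter.example",
    "www.blocked-site.example",
    "cdn.ads.blocked-site.example",
]

if __name__ == "__main__":
    for host in REQUESTED_HOSTS:
        ok = cert_covers(BLOCK_PAGE_SANS, host)
        print(f"{host:32} {'ok' if ok else 'name mismatch warning'}")
    # A bare "*" entry is not a usable match-everything name either.
    print("bare '*':", cert_covers(["*"], "www.blocked-site.example"))
```

The browser compares the certificate against the name the user typed, not the block page's own name, so trusting the certificate through GPO removes the untrusted-issuer error but not the mismatch.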

                • #9
                  Thank you very much for adding the "Custom DNS server for DNS over HTTPS" option with the latest version. It helped me a lot. Just IPv6 now 😎
                  Thanks and have a great Christmas! 😁
