Documentation

Learn how to use the ZeroDot1s Whitelist Generator

Contents

Getting Started

The ZeroDot1s Whitelist Generator (ZD1-WLG) is a client-side tool that helps you create firewall whitelists and address objects from simple domain lists.

Privacy First: Everything runs locally in your browser. No data is uploaded to any server.

Requirements

To run the generator locally:

  • Any modern web browser (Chrome 80+, Firefox 75+, Safari 13.1+, Edge 80+)
  • A local web server (due to CORS for loading presets)
# Run local server python -m http.server 8000 # Then open http://localhost:8000

Technology

Built with modern web technologies:

  • HTML5 - Semantic markup
  • CSS3 - Custom properties, responsive design
  • JavaScript (ES2020+) - const/let, arrow functions, async/await, optional chaining
  • No frameworks - Lightweight and fast

Supported Export Formats

ZD1-WLG supports 11 export formats for different firewall and DNS systems. Each format includes pattern examples:

Generic (Clean List)
Simple list keeping wildcards with *. prefix. Includes version header and domain count.
Output:
# ZD1-WLG v1.8.6 - Apr 18, 2026
# 2 domains

example.com
*.subdomain.example.com
Plain (No Wildcards)
Clean domain list without wildcards (removes *. prefix).
Output:
# ZD1-WLG v1.8.6 - Plain List...
# 2 domains

example.com
subdomain.example.com
FortiGate (CLI)
FortiGate CLI with address objects and address group. Supports FQDN and wildcard-fqdn types.
Output:
config firewall address
edit "addr_example"
set type fqdn
set fqdn "example.com"
next
end
config firewall addrgrp
edit "whitelist_group"
set member "addr_example"
next
end
pfSense (Alias)
pfSense alias import format. One domain per line, wildcards removed.
Output:
# ZD1-WLG v1.8.6 pfSense Alias
# Domains: 2

example.com
subdomain.example.com
Pi-hole (Regex List)
Pi-hole regex whitelist. Matches domain and all subdomains.
Output:
# Pi-hole Regex - Generated...
(^|\.)example\.com$
(^|\.)subdomain\.example\.com$
Sophos (List)
Sophos XG/UTM FQDN and wildcard lists. Converts .domain to *domain.
Output:
# Sophos FQDN Hosts - Generated...
example.com
*.subdomain.example.com
AdGuard Home
AdGuard Home DNS filter allowlist syntax.
Output:
! AdGuard Home Whitelist
||example.com^
||subdomain.example.com^
Unbound (DNS-over-TLS)
Unbound local-zone redirect for DNS-over-TLS whitelist.
Output:
# Unbound DNS whitelist
# Total domains: 2

local-zone: "example.com" redirect
local-data: "example.com A 0.0.0.0"
Dnsmasq
Dnsmasq address=/domain/0.0.0.0 configuration.
Output:
# Dnsmasq whitelist
# Total domains: 2

address=/example.com/0.0.0.0
address=/subdomain.example.com/0.0.0.0
Suricata (Rules)
Suricata IDS/IPS DNS allowlist rules (pass dns.query).
Output:
# Suricata DNS Allowlist
# Total rules: 2

pass dns.query any any -> any any
(msg: "Allow DNS query for example.com";
dns.query; content: "example.com";
nocase; sid:1000001; rev:1;)
Veeam
Veeam backup infrastructure DNS whitelist.
Output:
# Veeam DNS Whitelist
# Total domains: 2

example.com
subdomain.example.com

Advanced Features

Long TLD Support

The generator fully supports long and specialized TLDs (e.g., .photography, .engineering) up to 63 characters per label, adhering to modern DNS standards.

FortiGate Address Groups

When exporting for FortiGate, the tool automatically generates a config firewall addrgrp block. This allows you to apply the entire whitelist to a policy with a single object.

Smart Wildcards

Input wildcards as .domain.com or *.domain.com. The tool intelligently converts them to the correct syntax for your target system (e.g., regex for Pi-hole, FQDN for FortiGate).

Deep Preset Search

The search function scans not only preset names and descriptions, but also the content inside the presets. Entering a domain name (e.g., "google") will show all whitelists that contain that domain. Use commas or spaces to search for multiple terms (OR logic).

Theme Switching

You can open the site directly in a specific theme by adding an anchor to the URL:

  • https://example.com/#light - Opens in light mode
  • https://example.com/#dark - Opens in dark mode

The theme preference is also saved in your browser's local storage.

Input Format

The generator accepts plain text files with one domain per line. It automatically handles:

  • Comments starting with #
  • Path separators starting with / (but not :// protocol URLs)
  • Empty lines and whitespace
  • Section labels ending with :
  • Wildcard domains (starting with . or *.)

Domain Extraction Logic

The parser intelligently extracts domains from mixed text:

  • Extracts domains from complete URLs (e.g., https://api.example.com/v1 extracts api.example.com)
  • Supports mixed text lines with multiple domains
  • Handles protocol-aware parsing (ignores :// as comment)
  • Validates domains contain at least one dot and 3+ characters
# Example input file # This is a comment google.com https://youtube.com/watch?v=1.8.7 api.example.com / API endpoint .subdomain.example.org *.multicast.example.com

Adding Presets

To add custom presets:

  1. Add your domain list as a .txt file to the WLS/ directory
  2. Run node build.js to regenerate the presets manifest
  3. The preset will appear automatically in the Generator
Tip

You need a local web server for presets to load automatically. Run python -m http.server 8000 and open http://localhost:8000

Wizard Steps

Step Description
1. Select Choose presets and individual domains via checkboxes
2. Custom Upload a file or paste custom domains
3. Review Review selection and remove domains
4. Export Choose format, preview, copy or download result

Build and Development

To regenerate presets and manifests:

node build.js

Requirements

  • Node.js (v14 or higher)

What Build Does

The build.js script automatically:

  • Scans the WLS/ folder for preset files
  • Validates domains in each preset
  • Generates presets.json with metadata
  • Creates manifest.json with SHA-256 file hashes
  • Updates version strings in all HTML files

When to Run

Run node build.js when you:

  • Add new preset files to the WLS/ directory
  • Update existing presets
  • Want to sync the version number across all HTML files