pfBlockerNG

• 

  pfBlockerNG-devel v2.2.5_20 PR #610
  • BBcan177

  11
  5
  Votes
  11
  Posts
  1467
  Views

  

  @bbcan177 said in pfBlockerNG-devel v2.2.5_20 PR #610: This might be of interest for you instead of the python script: https://nlnetlabs.nl/documentation/unbound/unbound.conf/ DNS64 Module Options Not really. This could probably be used to generate false AAAA records, but that is not the intention. The intention is to return no AAAA records at all, so that the (for example Netflix) client isn't even trying to use IPv6 at all. False records would be the same as blocking IPv6, it will cause disruptions and possibly error messages. But you don't have to worry about that, I have no issues with adding that functionality by myself. @bbcan177 said in pfBlockerNG-devel v2.2.5_20 PR #610: The previous DNSBL parser was a bit aggressive in the domains that it would parse from the EasyList feeds. I intentionally reduced the parser to lines that start with "||" and end with "^"... The other variations can lead to FPs... other DNSBL Feeds will most likely add any missing domains. If I am missing something, please let me know... Well the EasyList feeds are IMHO among the best, but with the current parser they are mostly useless as they classify most ad networks/sources as third-party given that you rarely visit these domains directly but only get the ads from them. Prime example is googleadservices*com, with the current parser (TLD is still enabled) it is no longer blocked using EasyList. Adding other (probably less maintained) lists to fill those holes isn't a solution I'm too happy with, but again that is IMHO and I have no problem patching the parser for my needs.
• 

  pfBlockerNG v2.1.4_15 PR #609
  • BBcan177

  1
  1
  Votes
  1
  Posts
  371
  Views

  No one has replied

• N

  Bypassing DNSBL for specific IPs
  • Ns8h

  6
  1
  Votes
  6
  Posts
  3688
  Views

  R

  One topic I keep not seeing is what if you want to block X for all. But by pass Y for a few and still block X.
• 

  Support pfBlockerNG development!
  • ivor

  3
  2
  Votes
  3
  Posts
  3116
  Views

  A

  I can not wait to see how he is going to do the mass import for IP4 and DNSBL, I hope its just a simple text doc you can just upload just like you would a backup file on Ublock extension. Looking forward to it. I may have to get some more Ram lol only got 8 gig and I bet doing mass list imports will hit the Ram hard. Great work hope it's coming along well ;) Great job.
• K

  Thanks BBCAN177 !
  • Koent

  5
  0
  Votes
  5
  Posts
  2466
  Views

  S

  As pointed out to me in another post. https://forum.pfsense.org/index.php?topic=139634.0
• 

  PfBlockerNG v2.1 w/TLD
  • BBcan177

  122
  0
  Votes
  122
  Posts
  51241
  Views

  H

  I'm having problems with iOS 11.3 BETA. It seems that safari can't go to 0.0.0.0 and pages can't load. Solution was to reinstall package and use the VIP address, as I was using the certificate hack and 0.0.0.0.
• 

  PfBlockerNG v2.0 w/DNSBL
  • BBcan177

  1070
  0
  Votes
  1070
  Posts
  437908
  Views

  M

  @anttechs said in PfBlockerNG v2.0 w/DNSBL: Many thanks ;) You're welcome I disabled TLD because I had .com and most of the others in there Yeap, that would be it! Cheers
• W

  PfBlockerNG
  • wbennett77

  1189
  0
  Votes
  1189
  Posts
  413049
  Views

  

  @BrettC: Hi, one thing i am noticing with pfBlockerNG is that it may be missing an end-double quote on its shell commands? No the quote is used in the grep command to find an exact match starting with the first quotation mark in the line…  The 502 error is being worked on...  The upcoming release doesn't seem to be affected by this and will hopefully be released shortly... Stay tuned!
• A

  How to block an ip range from any company.
  • anttechs

  2
  0
  Votes
  2
  Posts
  52
  Views

  C

  That the first step. You can also use the import button under Aliases, to enter a blob of addresses. Then, go to Firewall > Rules and add a rule for each alias. You can block just LAN (going out) or WAN (coming in), or use a floating rule. In the rule, include the alias and what you want to do (block or reject).
• C

  DNSBL not activating
  • CyberMinion

  11
  0
  Votes
  11
  Posts
  115
  Views

  C

  With TLD enabled, I hardly even notice a change in resource load. I guess I'll keep it. How would I go about adding custom domain names to be blocked? Do I need to make my own feed, just so DNSBL pulls it down, or can I enter then directly in somewhere? Thanks!
• P

  pfBlockerNG v2.1.4_16 pfB_Top_v4 block count = 0?
  • penicheiro

  2
  0
  Votes
  2
  Posts
  32
  Views

  P

  OK Fixed the error on block count =0 It turns out table usage counts were greater than Table Entries Hard Limit. Hard limit was defaulted to 400000, and lists were slightly greater than that. Increased to 600000, and seems we are ok now.
• 

  Difference between blocked answer?
  • periko

  2
  0
  Votes
  2
  Posts
  52
  Views

  

  DNSBL http server return different response to the browser depending on what is in the URL : 1x1gif for picture, Javascript or the Blocked page when there is only the domain name in the URL : http://example.com/
• 

  (solved)dnsbl feeds position matters?
  • periko

  5
  0
  Votes
  5
  Posts
  84
  Views

  

  @ronpfs, thanks for pointing this detail.
• 

  Whitelist domain not working
  • periko

  3
  0
  Votes
  3
  Posts
  84
  Views

  

  I had check this, I understand part of how it works. Thanks RonpfS.
• T

  pfBlockerNG Feeds - How many is too many?
  • talaverde

  6
  0
  Votes
  6
  Posts
  147
  Views

  T

  Okay, it sounds like there is a clear wall. That's good to know. Thanks.
• 

  pfb_dnsbl, pfb_filter and Unbound error at reboot
  • Qinn

  7
  0
  Votes
  7
  Posts
  99
  Views

  

  @ronpfs said in pfb_dnsbl, pfb_filter and Unbound error at reboot: TLD will slow down Cron update but will shrink the size of the DNSBL db Live Reload seems to fail without TLD @BBcan177 logged in here (Teamviewer) yesterday, maybe he can come up with something.
• S

  DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953
  • SnowmanUT

  28
  0
  Votes
  28
  Posts
  360
  Views

  

  https://forum.netgate.com/topic/104772/unbound-restarting https://forum.netgate.com/topic/138449/unbound-restarting-more-frequently Also if you use the Service Watchdog package make sure it does not monitor unbound.
• 

  No DNSBL Blocking after scheduled update
  • m0urs

  11
  0
  Votes
  11
  Posts
  261
  Views

  T

  Just wanted to report back that its been a few days and I can confirm that disabling Live Sync does indeed solve this issue for myself. Since disabling, DNSBL has been blocking as it should after the cron runs. Thanks for the tip on disabling the "Resolver Live Sync" @RonpfS
• J

  Constant unbound reloading with DNSBL
  • j.koopmann

  7
  0
  Votes
  7
  Posts
  93
  Views

  

  @j-koopmann said in Constant unbound reloading with DNSBL: Any ETA or version? We are in the debugging phase now. No ETA is planned yet.
• G

  Updated lists
  • gnordli

  3
  0
  Votes
  3
  Posts
  145
  Views

  G

  thanks again, I will give the -devel version a look.
• G

  Blueliv.com api
  • gnordli

  3
  0
  Votes
  3
  Posts
  102
  Views

  G

  Thanks, but from what I can see they don't a URL auth mechanism.
• N

  Constant update errors...
  • nafeasonto

  6
  0
  Votes
  6
  Posts
  91
  Views

  

  Well from pfB_PRI1_v4 - Abuse_DYRE_v4 you could decode that : It IPv4 Table PR1, the Header/Label is PRI1_Abuse_DYRE Go to Firewall / pfBlockerNG / IP / IPv4 select PRI1 Table, then change the State of PRI1_Abuse_DYRE to off
• C

  pfBlockerNG not blocking URLs from feed list
  • chicagoukes

  3
  0
  Votes
  3
  Posts
  104
  Views

  C

  Thank you so much for the link. This worked. I've enabled the ad/malware lists from the tutorial and added Steve's Black Lists for adult content. I was also able to add the easy lists. Unfortunately I quickly found that some common URL's are note on these lists. I am going to open a new thread trying to get OpenDNS working as another layer. Unfortunately I've found that if I follow a setup for open DNS it breaks the platform.
• 

  pfBlockerNG Sneak peak! Event Timeline charting
  • BBcan177

  1
  0
  Votes
  1
  Posts
  80
  Views

  No one has replied

• J

  pfBlockerNG specific port access...
  • Jhendo6

  3
  0
  Votes
  3
  Posts
  86
  Views

  J

  Thanks BBcan177, I will check out the rule ordering option. For now I have disabled cron jobs to keep my 53/25 rules at the top but realize that is a temporary work around. I my logic correct in that by selecting all countries, setting list action to Deny Inbound, and using Customer DST Port with an alias with the following ports ranges: 1:24, 26:52, 54:586, 588:65535 w/custom protocol to TCP/UDP that I would be essentially blocking all TCP/UDP traffic from the countries selected accept for 25,53, and 587? Thanks again for you help.
• S

  PBLCOKER and Invalid Certificate
  • Simbad

  2
  0
  Votes
  2
  Posts
  76
  Views

  

  See this thread: https://www.reddit.com/r/pfBlockerNG/comments/ao98u1/dnsbl_certificate_error/
• P

  shortened URLs are blocked with https error
  • paulnlynda

  4
  0
  Votes
  4
  Posts
  71
  Views

  

  Then find and disable that specific pfB block. I can't be more specific because I don't use it myself. Maybe this will help? https://forum.netgate.com/topic/101452/url-shortener-blocked/3
• C

  need help with pfblocker
  • catalinn.stanciu

  15
  0
  Votes
  15
  Posts
  292
  Views

  C

  @emammadov thank you!
• C

  pfBlockerNG-devel
  • cdls

  6
  0
  Votes
  6
  Posts
  177
  Views

  

  @cdls make sure that you are on version 2.2.5_21 as there was a fix for Category Blacklists.
• A

  pfBlockerNG-devel 2.2.5_21 / Ad Blocking advice
  • adamdbuk

  2
  0
  Votes
  2
  Posts
  111
  Views

  

  @adamdbuk Right-click on the popup in the browser and click "Inspect" . That will show the html code. If it is a domain, it can be manually added to a DNSBL customlist. Some ADs are now served from the same domain name as the site and I can't be easily blocked with a DNS blocker.
• J

  PHP Error Help
  • jpvonhemel

  3
  0
  Votes
  3
  Posts
  67
  Views

  

  @jpvonhemel Install pfblockerNG-devel, as it's much improved
• T

  Blocking Youtube Ads
  • thezfunk

  27
  0
  Votes
  27
  Posts
  6374
  Views

  L

  @motific Any specific settings I should use under "Diagnostics: Packet Capture"? I'm not sure what I'll be looking for but I sure can try. Also to clarify, the ads do not show up using desktop browsers. I only see youtube ads when using the youtube app with iPads and iPhones. Don't have an android to test with.
• L

  YouTube ads coming thru on AppleTV for some time now.
  • lmannyr

  2
  0
  Votes
  2
  Posts
  106
  Views

  

  @lmannyr said in YouTube ads coming thru on AppleTV for some time now.: How do I add the ip to "manifest.googlevideo.com" to pfblocker? DNSBL doesn't operate in the IP space, it operates in the Domain Name space. You can add the domain name to a DNSBL Custom_List in any DNSBL Group. You could also create a new DNSBL group and put it in the group DNSBL Custom_List. You need to do a Force Reload DNSBL after.
• L

  PfblockerNG breaks host override
  • l0rdraiden

  10
  0
  Votes
  10
  Posts
  216
  Views

  

  @l0rdraiden said in PfblockerNG breaks host override: But is a bug that will be fixed or I can not enable that setting if I want to use host override? Let's see if it fix the failure mode after next Cron update. Resolver Live Sync make dynamic change to Unbound db on the fly. When you disable it, Unbound will reload the pfb_dnsbl.conf file instead. Depending on your host override settings, it may break the Resolver Live Sync. If you send me your host override settings by MP, I may find what's wrong. Well there is no MP on this forum. Let's try a chat instead. Host Override are in /var/unbound/host_entries.conf Domain Override are in /var/unbound/domainoverrides.conf
• W

  Advice - Allowing client to bypass pfblocker-ng
  • wesfox

  6
  0
  Votes
  6
  Posts
  437
  Views

  

  I'd change the allow rules to "LAN net" (or in case of the .10.3 an alias) and the block rule to source any? So you block out unwanted clients, that may have been connected to the network and setup with an alternative IP range? And wouldn't "This Firewall" be good instead of "LAN address" in case you upgrade that to a CARP setup? Just a thought
• N

  For some reason this isn't working for me
  • nafeasonto

  3
  0
  Votes
  3
  Posts
  81
  Views

  

  Did you run a Force Update or a Force Reload after making the change?
• G

  DNS fails when DNSBL (pfBlockerNG-devel 2.2.5_21) is enabled
  • gogglespisano

  10
  0
  Votes
  10
  Posts
  276
  Views

  G

  I found the problem. I had a rule that needed the 10.0.0.0 subnet added. When the DNSBL VIP was added, some traffic to pfSense got blocked.
• S

  Pfblocker (DNSBL) and android amazon app (android web viewer) issue "SOLVED"
  • scorpious

  13
  0
  Votes
  13
  Posts
  7094
  Views

  B

  I was just running into a similar issue (Amazon Android App not working) My shortly added Domain Whitelists are the following: .c.amazon-adsystem.com # Amazon Advertisements .d1ykf07e75w7ss.cloudfront.net # CNAME for (c.amazon-adsystem.com) .fls-eu.amazon.de .fls-eu.amazon.com # CNAME for (fls-eu.amazon.de) .gateway.prod.eu-west-1.forester.a2z.com # CNAME for (fls-eu.amazon.de) .endpoint.prod.eu-west-1.forester.a2z.com # CNAME for (fls-eu.amazon.de) .mads.amazon-adsystem.com # Amazon Adsystem Mads .amazon-adsystem.com # Amazon Adsystem MADS As you see it is a little bit unsorted what I track back to my whitelisting flow... You should not just copy & paste it as in your region and on your phone / setup / yet added Domains on the Whitelist it may work or even not work. The process is easy. run your apps and keep about 5-10 secs after reload the DNSBL Alert Tab check for potentially corresponding Domains whitelist them** ** First I added them manually to the Domain Whitelist which did not work (I guess the CNAMEs might have been missing...) It is uncomfortable to whitelist them automatically by the + Sign as every Alert Tab Reload takes Ages to reload... But anyway, at least it was necessary for me to get the CNAMEs, too, as it did not seem to work without them. BTW this is also the reason why the List seems to be so unsorted, I added several before the automatic initiated Alert Tab Reload (and maybe the hidden but initiated Reload-DNSBL for adding the new Entries) accomplished.
• 

  devel v2.2.5_19 - Feeds not added to 'DNSBL Feeds'
  • RyanM

  12
  1
  Votes
  12
  Posts
  450
  Views

  G

  This also happened for me with a clean install of 2.2.5_21.
• L

  Package Manager info link
  • lohphat

  1
  0
  Votes
  1
  Posts
  60
  Views

  No one has replied