@tmiland said in Group alert entries:

I was wondering if it would be possible to group alert entries? Or add it as a feature request?
I'm blocking Windows 10 telemetry, and it is constant traffic (A WHOLE LOT) which pushes other entries out of sight.
Running latest pfBlockerNG-devel, which is absolutely FANTASTIC!
Regards from an early beta tester (pfBNG Dev v.72)

You can mute the logging of Domains in DNSBL by creating a new DNSBL Group and select the "Disable logging" option, and the Group Order to Primary.

Then either use Feeds, or add the domains to the custom list at the bottom. Follow that with a Force Reload - DNSBL for it to take effect. This will utilize "0.0.0.0" instead of the DNSBL VIP address.

Thanks for the feedback!

@yyz said in DNSBL Whitelist vs TLD Exclusion list?:

DNSBL Whitelist vs TLD Exclusion list?
How are these different?

The Whitelist is used to remove Domains from the DNSBL Blocking.

When you use the "TLD" option, it will automagically Wildcard block any domain that is a Root domain. So it would wildcard block "example.com" but not "ads.example.com".

When a domain is wildcard blocked via TLD, you can use the "TLD Exclusion" list to remove that domain from the TLD functionality. This way, it will only block the single domains that are listed in the DNSBL Feeds and not wildcard block it.

A Force Reload- DNSBL will be required after adding to the TLD Exclusion list.

@dasanco said in Alexa:

I'm having a real problem understand the purpose of the Alexa list, when and where it should be used, to do what.
is there a primer or white paper on how/when/where to use the Alexa option?

The TOP1M whitelist (in devel it also has the Cisco Whitelist), can be used to whitelist the most popular domains in DNSBL. I would only suggest using it for the Phishing Feeds, as those can cause FPs since those feeds post full URLs. Also limit the number of TOP1M Domains to whitelist.

Some reading here:
https://www.netresec.com/?page=Blog&month=2017-04&post=Domain-Whitelist-Benchmark%3a-Alexa-vs-Umbrella

I will work on adding this to my todo list :)

@grimson said in Whitelisting DNSBL in pfBlocker:

@guardian said in Whitelisting DNSBL in pfBlocker:

With all due respect, did your read that post? It doesn't answer the question that I am asking.

Did you search and read other posts about this topic? I doubt that.

I know about + on the log, but that means that I have to find the item on the log - often that isn't easy, and I can't deal with the problem proactively. I am looking for some way to explicitly and proactively exclude a domain from the DNSBL.

So you didn't even really look at the DNSBL settings or read the included help:

0_1545262076921_really2.png

Is it really that hard to even look at the settings before asking questions and wasting the time of others?

It was a case of looking but not seeing. I had a vague recollection of there being a section, but when I first looked I missed it, assumed that it wasn't there and spent a lot of time looking in other places. It is below the fold and buried in other tabs so I missed it.

When I saw your post I knew that I had clearly overlooked something and was finally able to find the section. In fact, when I opened the section, I found that I had put entries in there about 18 months ago. I couldn't find any posts because it was so damn simple. This is the digital example of hunting high and low for your car keys (or something else) when it is lying in plan sight.

Sorry for the inconvenience, thanks for helping me find the answer to the question.

For the benefit of anyone looking for the answer to the question:
pfBlocker Domain Whitelisting
Navigate to Firewall / pfBlockerNG / DNSBL and open the area
Custom Domain Whitelist near the bottom of the page.

@jegr

That's what I do :)

The goal for initial questions was to learn how-tos , but general discussion about how users use home network is very useful !

Thank you all!

Yeah, due to my blocked Server (as Portforwarding inbound within the 10.0.0.0 /8) Range I just switched to Alias Deny to getting able to Suppress this /32 and it worked.
On first Testings the Server responds and a page is being delivered.

If you read this in the future: Native Alias works good. As I have seen Deny Alias works better. I just didn't had to set my Suppress up (List is empty, just checked it!)
I only can suggest that with the Deny Alias maybe pfBlockerNG recognizes / admits the Portforwarding as a higher Priority and lets the Traffic to that IP pass.

I will just have to figure out if this happens only eg from my own Adresses or whether even Contacts from IPs within the defined Block Lists will also get passed / "ignored"...
If anybody is aware of that case or knows an Answer I'd highly appreciate your effort here, as it saves many time seizing the Logs for denied Inbounds by each List.

Edit:
As I just saw that I did not mention that clearly... I was before using the Native Alias and just shortly switched to use the lists as a Deny Alias.
The portforwarding did not work before as the lists were set to Native Alias.

@grimson

Sorted, thanks, have a nice Christmas, I am off to specsavers!

@ronpfs Thanks for the reply. I JUST finished updating all of the packages I have and updating PFsense to the newest version. After restoring a fully working config from a few months ago and it seems to be working okay now.

That's an awesome List, thank you for sharing it @anttechs
I was just surfing all the way up and down to find sth similar, here it is. Just amazing!

Edit
I really do not know if it should have had been mentioned here but on http://iplists.firehol.org/ there is a comparison of several free accessible Lists.
As it surely needs a little "work-in" imo it got the option to provide a good overview over several lists and even how individual lists overlaps one with an other.

I just found it shortly. As I see it might provide one with a nice and unique overview though it might even need some time to get even this. Anyway, I guess it might be a good addition for any searches.

Try this :

grep "maxmind.com" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/unbound/pfb_dnsbl.conf /usr/local/pkg/pfblockerng/dnsbl_tld

it provides some more info about pfblockerNG db.

@tac57

I don't use Plex anymore, so no comments, sorry

Change the State to Flex 😉

That must have felt good. Happy holidays.

Exact.
Static ones are ok, they are known - and when the lease is renewed, DNS doesn't restart.
Classic DHCP, if checked, will restart DNS.
This is a known subject (I won't call it an issue, but if unbound has a lot of work to do at startup, like rowing through all these pfBlockerNG 's feeds files; and you have a 'light' system (processor, disk, whatever) then yes, it starts to take time).