• DNSBL/IPv4 list put on external hdd

    2
    0 Votes
    2 Posts
    292 Views
    RonpfS

    Under IPv4 Source Definitions you can use local files. Click on the infoblock to get more info.

    However, the files need to be present when pfBlockerNG runs Update.

  • Webpage doesn't work, even whitelisted - solved

    4
    0 Votes
    4 Posts
    488 Views
    M

    Thanks for the advice, everything is working now.

    @RonpfS:

    Look at the Alerts tab to figure out what to whitelist. Do a Force Reload DNSBL once you have enough whitelist done.

    Press F12 in your browser to determine what's not loading as well.

  • Remote logging of dnsbl.log

    2
    0 Votes
    2 Posts
    645 Views
    S

    Don't know about the syslog option, but I am emailing the dnsbl.log using the mailreport package.  Once installed choose Status-Email Reports-Add New Report.  Name it, save it, then edit and add this command:
    cat /var/log/pfblockerng/dnsbl.log

    This is assuming email is already working, configured on the system-advanced-notifications page.

  • PfBlockerNG torrents and blocking countries

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • DNSBL VIP Browsing Help Please.

    1
    0 Votes
    1 Posts
    493 Views
    No one has replied
  • PfBlockerNG blocking son's PS4

    6
    0 Votes
    6 Posts
    1k Views
    M

    You might get more sense if you filter the Wireshark capture on port 53 (DNS).

    That will tell you what addresses it is trying to look up.

    Also pfBlocker has a tab where you can see blocked traffic, it’s worth a look.

  • Pihole and NSA DNSBL Feed Error

    3
    0 Votes
    3 Posts
    932 Views
    NollipfSense

    @tagit446:

    I was getting the same errors with those lists so I gave up.

    I did however get this one to work:
    https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS

    Thank you Tagit446…that worked.

  • PfBlocker white list bypasses all other rules

    6
    0 Votes
    6 Posts
    1k Views
    valnar

    I work with firewalls all day long and every other major brand out there (CheckPoint, Fortinet, Palo Alto) implements geo-blocking as a separate process outside of firewall rules, otherwise you get the things I complained about.

    But with pfSense, I guess I'll have to re-order and manipulate things to get what I want.  Obviously it works fine with blacklisting, but with whitelisting, allowing North America does nothing to block Russia.

    Then change it to a rule that blocks everything except your work IP.

    I didn't need to do that before I implemented GeoIP blocking.  It was already assumed by my original rule.  Now I need to add a bunch more.

  • Does DNS Redirection Bypass DNSBL?

    6
    0 Votes
    6 Posts
    972 Views
    valnar

    That's one way, the nice way.  Another way is to simply put in a firewall block on port 53 except for pfSense and let your kids figure out why they can't get anywhere.

  • Cannot reload config file, and DNSBL feeds appears permanently stuck

    3
    0 Votes
    3 Posts
    658 Views
    M

    Try going into pfBlocker - updates - force reload both IP & DNSBL.

  • Unknown http status code

    5
    0 Votes
    5 Posts
    756 Views
    M

    Can you access those lists from a client on the network?

  • Please help me whitelist part of a website

    4
    0 Votes
    4 Posts
    583 Views
    M

    You'll need to look at all the domains the page loads and see what they are.

    The comments are blocked on mine too, and I took a quick look and saw requests go from one article to subdomains of:-
    optimizely.com
    googleapis.com
    googletagservices.com
    twitter.com
    tiqcdn.com
    typekit.net
    addthis.net

    That list may not be exhaustive, but if you use the debug tools of your browser (I happen to be using MS Edge for this, use the F12 dev tools -> Network, then open the page) you should be able to see what sites requests are going to and can work through them one by one.

  • How to Allow pfBlocker to Bypass itself for list fetches

    2
    0 Votes
    2 Posts
    471 Views
    M

    I have mailed BBCAN177 and asked about whitelisting list domains automatically and his response was whitelisting them would be unexpected behaviour for end users and I agree that it would be a bad thing.

    He did suggest that theoretically as the whitelisting can now be done instantly that code to temporarily whitelist domains and then revert them afterwards could be possible at some point in the future.

    Without knowledge of what blocking you have in place it's difficult to say what you could do reliably.  If you're ok with web-based proxies then that is one option.  That way pfBlocker would only see the request to the proxy domain, not the blocked domain which is either part of the URL or encrypted/obfuscated entirely.

    For example I put a list I use into one proxy site and got this URL back…

    https ://www.sitenameredacted.com/browse.php/jFq3YZ2gvRvXF3vBTEqKxhzEqhrhb9TNwIVIO6BD649KAQxY7W0fRByEs2TrB8Z5uRyDQTRJxht5weSttltrT64_3D/b29/fnorefer/

    ..so long as the proxy site is not blocked then your lists will be accessible to pfBlocker.  Obviously you have to trust that proxy not to MITM your traffic or otherwise break stuff, which is why I've not included the name here.

  • PfBlockerNG and PFSense 2.4.2

    8
    0 Votes
    8 Posts
    2k Views
    U

    @BBcan177:

    I don't think this has anything to do with pfBlockerNG….  Try to post in the "Installation/Upgrade" forum and I'm sure someone will be able to help there...

    The latest version should be fine now for DNSBL and 2.4...

    There is a PR which will increase the memory for PHP which seems to fix the issues for some...

    This was merged today...

    https://github.com/pfsense/pfsense/pull/3881

    Hope this helps!

    It works, thanks :)

  • Subscribe to whitelist

    4
    0 Votes
    4 Posts
    1k Views
    RonpfS

    For now, the only automatic whitelisting option is with TOP1M.

    To automate DNSBL whitelisting, more code would need to be added.

    So for now, you will have to update the DNS Whitelist when the ebates-cash-back-shopping.txt list changes.

  • PfBlocker moving firewall rules to the top on interfaces

    3
    0 Votes
    3 Posts
    550 Views
    J

    Thanks, Grimson, I missed that on the first page.

    I will give that a try.

  • Cannot block dnsbl with OpenVPN

    15
    0 Votes
    15 Posts
    3k Views
    V

    Not familiar with your hardware but if your Asus router can handle VLANs in AP mode you should be good. I am sure others have more experience with this…it's likely good for a single WLAN.

    You have a Managed switch which can handle VLANs (although some have expressed concern with TPlink...I am sure it is fine!)

    As mentioned it looks like your pfbox works...nice RAM(32G)!

    The Unifi AP is well regarded and super easy to set up for VLANs. Again find out if your ASUS supports VLANs before spending the $100.

    Not a huge value in GeoBlocking, I also share the same concern...TOR, VPN, hijacked PC are likely the hacker's route. I only suggested getting IPv4 and GeoBlocking as a way to get started with pfBlockerNG. The real prize, I found, is with DNSBL in the blocking of ads but it requires you to make sure your DNS Resolver is set specifically.

    Make sure you can navigate to the DNSBL Virtual IP...if not it won't work. Also go to the alerts tab and see if you get an alert after navigating to the DNSBL Virtual IP....

  • Only allowing United States

    4
    0 Votes
    4 Posts
    2k Views
    W

    OK, I think I have it.  I had to disable all of the other GeoIP rules and only chose the two United States rules.  I then did a "Deny Inbound", and then chose the "Inverse" in the advanced options.  This seems to be working now.

  • Adblock browser addon vs DNSBL Easylist

    8
    0 Votes
    8 Posts
    3k Views
    T

    This might be a stupid question, but is your DNSBL working?

    I see this behavior since DNSBL doesn't work for me because I'm also using OpenVPN.

    So far I can't find a way to make them work together in a secure way.

  • PfBlockerNG with OpenVPN client

    4
    0 Votes
    4 Posts
    4k Views
    T

    So you are just using the default DNS servers? Aren't those your ISP's DNS servers? That means you'll be leaking DNS, which defeats the purpose of using the VPN.

    I'm still trying to solve this issue too, but that doesn't seem like the way to do it.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.