• Whitelisting instead of Blacklisting

    1
    0 Votes
    1 Posts
    332 Views
    No one has replied
  • Dnsbl listening port

    2
    0 Votes
    2 Posts
    426 Views
    Gertjan

    Hi,

    No way.
    Just keep the default ports (8081 and 8083).
    Same thing for the Virtual IP default 10.10.10. - except if this IP falls into one of your LANs or other networks.

    Remove the '53' from unbound and be ready to 'break everything' ;)

  • pfBlockerNG security (dynamic firewall rules)

    1
    0 Votes
    1 Posts
    147 Views
    No one has replied
  • DNSBL deny all except whitelisted

    18
    0 Votes
    18 Posts
    3k Views
    NollipfSense

    @PaulMon123 said in DNSBL deny all except whitelisted:

    All I want to do is to block any DNS requests (except ones to specific services) to prevent data leaks using DNS tunneling.

    It seems that most of what I shared is geared to accomplishing this, especially when an IPS/IDS is added to the mix. I take it others have physical access to the "secure environment" or it's a server.

    This data leak using DNS tunneling is a hot topic, a potential headache, and I am hoping a package with DNS quarantine is coming soon.
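
    Since the thread's goal is spotting DNS tunneling rather than just counting queries, here is an added example of the kind of triage an IDS/IPS or a log-review script would do on resolver logs. It is not code from the thread, pfSense or pfBlockerNG. The log format ('<epoch> <client> <qname> <qtype>') and the sample lines are constructed, and the thresholds are illustrative starting points, not tuned values. The `allowed` list models the "specific services" the poster wants to keep reachable: those domains are skipped because the allow-list, not a heuristic, decides them.

```python
"""Heuristic DNS-tunnelling triage over resolver query logs.

Added example; not code from the thread, pfSense or pfBlockerNG.
Assumptions: constructed log format '<epoch> <client> <qname> <qtype>',
illustrative (untuned) thresholds.
"""
import math
from collections import defaultdict

# Constructed sample log lines (not real traffic). 192.168.1.31 shows the
# classic tunnel pattern: long, high-entropy labels in TXT queries under one domain.
SAMPLE_LOG = """\
1700000000 192.168.1.20 www.example.com A
1700000001 192.168.1.20 mail.example.com MX
1700000002 192.168.1.31 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b.tun.example.net TXT
1700000003 192.168.1.31 ff00aa11bb22cc33dd44ee55ff66aa77bb88cc99.tun.example.net TXT
1700000004 192.168.1.31 0123456789abcdef0123456789abcdef01234567.tun.example.net TXT
1700000005 192.168.1.20 updates.example.org A
"""

# Query types ordinary clients rarely need but tunnels favour for payload capacity.
TUNNEL_QTYPES = {"TXT", "NULL"}


def shannon_entropy(s):
    """Bits per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname):
    """Crude 'last two labels'; use the Public Suffix List in production."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def score_query(qname, qtype, max_label=30, max_qname=60, min_entropy=3.5):
    """Return (score, reasons) for one query; each indicator adds one point."""
    qname = qname.rstrip(".").lower()
    labels = qname.split(".")
    subdomain = ".".join(labels[:-2])  # everything below the registrable domain
    score, reasons = 0, []
    if len(qname) > max_qname:
        score += 1
        reasons.append("long qname")
    if subdomain and max(len(label) for label in subdomain.split(".")) >= max_label:
        score += 1
        reasons.append("long label")
    if shannon_entropy(subdomain) > min_entropy:
        score += 1
        reasons.append("high-entropy subdomain")
    if qtype.upper() in TUNNEL_QTYPES:
        score += 1
        reasons.append("tunnel-friendly qtype %s" % qtype.upper())
    return score, reasons


def analyze(log_text, allowed=(), per_query_threshold=3, per_domain_min=3):
    """Flag single queries, then the registrable domains that attract many of them.

    allowed: registrable domains of the permitted services; skipped entirely.
    """
    allowed = {d.lower() for d in allowed}
    suspicious = []
    by_domain = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line; production code should log it
        _ts, client, qname, qtype = parts
        domain = registrable_domain(qname)
        if domain in allowed:
            continue
        score, reasons = score_query(qname, qtype)
        if score >= per_query_threshold:
            suspicious.append((client, qname, score, reasons))
            by_domain[domain]["hits"] += 1
            by_domain[domain]["clients"].add(client)
    flagged = {d: v for d, v in by_domain.items() if v["hits"] >= per_domain_min}
    return suspicious, flagged


if __name__ == "__main__":
    queries, domains = analyze(SAMPLE_LOG)
    for client, qname, score, reasons in queries:
        print("%s %s score=%d (%s)" % (client, qname, score, ", ".join(reasons)))
    for d, info in domains.items():
        print("domain %s: %d suspicious queries from %s" % (d, info["hits"], sorted(info["clients"])))
```

    Per-query scoring alone produces false positives (CDN and anti-spam names are long and random-looking too); the per-domain count is what separates a tunnel, which concentrates hundreds of such names under one registrable domain, from background noise. Feed it the resolver log rather than the firewall log: pfBlockerNG's DNSBL only sees names it already blocks, and a tunnel uses a domain nobody has listed yet.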

  • pfBlockerNG Alias Firewall Rule Question

    16
    0 Votes
    16 Posts
    2k Views
    NollipfSense

    @tman222 Well, I think it would be pfSense that provided pfBlockerNG widget the packet info.

  • Thanks from my wife

    7
    1 Votes
    7 Posts
    912 Views
    BBcan177

    Make sure you are using pfBlockerNG-devel which is much improved over the release version.

  • pfB_DNSBLIP_v4 where is its list?

    5
    0 Votes
    5 Posts
    1k Views
    randombits

    OK thanks, I think I get it now. The 'IPv4 Suppression list' is a whitelist? (clicking the '+' in the deny list)

    Just for clarity, I can see in /var/db/pfblockerng/deny the lists

    [screenshot: 2019-10-16 19_38_24-deny - XCP-NG DQ77KB - WinSCP.jpg]

    and under pfBlockerNG > IP > IPv4 I can see the corresponding lists created from 'feeds'

    [screenshot: 2019-10-16 19_43_51-pfSense.localdomain - Firewall_ pfBlockerNG_ IP_ IPv4.jpg]

    But I still don't get where the pfB_DNSBLIP_v4 (DNSBLIP_v4.txt) is created from 😕

  • pfSense pfBlocker and mobile phones apps

    9
    0 Votes
    9 Posts
    2k Views
    bmeeks

    @William-Barni said in pfSense pfBlocker and mobile phones apps:

    @pfSenseTest Hum... ok. Thanks for the answer.

    I need to learn a ton of new tools and to develop rules for them, understand their behavior, just to block youtube.

    YouTube does not want to be blocked ... 😉 . So they make sure it is somewhere between difficult and impossible to block their traffic. Google has gotta have that ad revenue you know ... 😀 .

  • Update custom list with script

    1
    0 Votes
    1 Posts
    144 Views
    No one has replied
  • i7 4GHz CPU + 128GB RAM, still slow when I load a large list in DNSBL

    18
    0 Votes
    18 Posts
    2k Views
    T

    @iTestAndroid said in i7 4GHz CPU + 128GB RAM, still slow when I load a large list in DNSBL:

    @tman222

    Yes. Actually, with pfBlocker and a list of around 400-500k, it works flawlessly, it's super fast and blocks most ads. When I turn on all the lists I have, the total count adds up to ~1.4M and that's when things start to go south. Otherwise both the DNS resolver and pfBlocker work fine. So when 1.4M entries are added to pfBlocker, things get slow and some DNS requests hang.

    DNS Query Forwarding -> Enabled
    Use SSL/TLS for outgoing DNS queries -> Enabled
    Custom Options:

        server:
        forward-zone:
            name: "."
            forward-ssl-upstream: yes
            forward-addr: 1.1.1.1@853
            forward-addr: 1.0.0.1@853
            forward-addr: 9.9.9.9@853

        server:include: /var/unbound/pfb_dnsbl.*conf

    These are the DNS server addresses listed there
    1.1.1.1
    1.0.0.1
    9.9.9.9

    I have gigabit internet, RTT is acceptable:
    ping cloudflare.net
    PING cloudflare.net (104.16.208.90) 56(84) bytes of data.
    64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=1 ttl=57 time=2.73 ms
    64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=2 ttl=57 time=2.60 ms
    64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=3 ttl=57 time=2.43 ms
    64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=4 ttl=57 time=2.37 ms
    64 bytes from 104.16.208.90 (104.16.208.90): icmp_seq=5 ttl=57 time=2.53 ms

    @provels
    Yes, I have both enabled and each of them has a size of 4096MB (4GB)

    Hi @iTestAndroid - do you see any difference if you take out 9.9.9.9 and just use Cloudflare's 1.1.1.1 and 1.0.0.1 servers? Do you have DNSSEC checked or unchecked? I'm still not quite convinced this is a pfBlockerNG issue -- 1.4M is really not that big and you have got some pretty powerful hardware too.

    Hope this helps.

  • 0 Votes
    5 Posts
    691 Views
    S

    @RonpfS said in Embeeded youtube clips won't work. Firefox detected a potential security threat and did not continue to www.youtube-nocookie.com:

    Remove your Whitelisting of the domain, Force Reload All, then whitelist it using the Alert Tabs to see what pfblockerNG will whitelist. www.youtube-nocookie.com is a CNAME : youtube-ui.l.google.com that need to be whitelisted as well.

    Thank you now it works! It added the following to the whitelist:

    .www.youtube-nocookie.com
    .youtube-ui.l.google.com # CNAME for (www.youtube-nocookie.com)
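
    The fix above works because a DNSBL matches every name in the resolution chain, so whitelisting only the name the browser asked for leaves the CNAME target blocked. The following is an added example (not pfBlockerNG's code and not from the thread) that produces the same two whitelist lines from a CNAME table. The table is constructed so the code runs offline; the `lookup` argument is any callable returning a name's CNAME target or None, and `lookup_with_host` shows how a live resolver could be plugged in (it assumes ISC `host` output of the form 'X is an alias for Y.'). A leading dot means wildcard match, as in the post's output.

```python
"""Expand a hostname's CNAME chain into pfBlockerNG DNSBL whitelist lines.

Added example; not pfBlockerNG's own code or anything posted in the thread.
Runs offline against a constructed CNAME table; `lookup` is pluggable.
"""
import subprocess

# Constructed table: the chain from the post, plus a hypothetical two-hop
# CDN chain so the walker is exercised for more than one hop.
CONSTRUCTED_CNAMES = {
    "www.youtube-nocookie.com": "youtube-ui.l.google.com",
    "cdn.example.com": "cdn.example.com.edgekey.example.net",
    "cdn.example.com.edgekey.example.net": "e1234.example-edge.net",
}


def cname_chain(name, lookup, max_hops=10):
    """Follow CNAMEs from name and return the targets in order.

    Refuses loops (a -> b -> a) and over-long chains instead of spinning;
    resolvers do the same, and a loop would otherwise never terminate here.
    """
    cur = name.lower().rstrip(".")
    seen = {cur}
    chain = []
    while True:
        target = lookup(cur)
        if target is None:
            return chain
        target = target.lower().rstrip(".")
        if target in seen:
            raise ValueError("CNAME loop at %s" % target)
        chain.append(target)
        if len(chain) > max_hops:
            raise ValueError("CNAME chain longer than %d hops" % max_hops)
        seen.add(target)
        cur = target


def whitelist_lines(name, lookup):
    """Lines for the DNSBL whitelist so name AND every CNAME hop resolve."""
    name = name.lower().rstrip(".")
    lines = ["." + name]
    for target in cname_chain(name, lookup):
        lines.append(".%s # CNAME for (%s)" % (target, name))
    return lines


def lookup_with_host(name):
    """Live lookup via the `host` utility (assumption: ISC host output
    'X is an alias for Y.'). Not used by the offline demo below."""
    proc = subprocess.run(["host", "-t", "CNAME", name], capture_output=True, text=True)
    for line in proc.stdout.splitlines():
        if " is an alias for " in line:
            return line.split(" is an alias for ", 1)[1].strip().rstrip(".")
    return None


if __name__ == "__main__":
    for line in whitelist_lines("www.youtube-nocookie.com", CONSTRUCTED_CNAMES.get):
        print(line)
```

    Swap `CONSTRUCTED_CNAMES.get` for `lookup_with_host` to generate lines from live DNS; re-run it when a site changes CDN, since the CNAME target, not the site name, is what goes stale in the whitelist.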
  • Get IP range by AS number

    3
    1 Votes
    3 Posts
    315 Views
    BBcan177

    pfBlockerNG-devel already has ASN support in the IP State setting. Also the Radb registry isn't very accurate. The package is using bgpview.io instead.

    https://api.bgpview.io/ip/<IP>
  • pfBlockerNG certificate error

    5
    0 Votes
    5 Posts
    1k Views
    cybrnook

    Your local device could have had the entry cached. Normally I will also disconnect my device from the network and back on to force the device to flush its local cache. Sometimes a /flushdns on Windows helps too.

  • Access to my VPN and Plex Server while abroad

    2
    0 Votes
    2 Posts
    399 Views
    NollipfSense

    @NasKar said in Access to my VPN and Plex Server while abroad:

    I would like to access my VPN to make changes to my firewall just in case and my Plex Server.

    Trust me, it's not a good idea to change your firewall through VPN. Make the changes before you go.

  • curl error 7 on all downloads

    9
    0 Votes
    9 Posts
    1k Views
    Gertjan

    @Koent said in curl error 7 on all downloads:

    analyse the FW daily

    Me neither.
    But I do check 'basic' operations when changing 'major' things like interfaces that deal with outgoing traffic.
    In this case: because the NIC called WAN (actually: PPPoE) now faces the Internet directly. Before, pfSense was probably hidden behind another router (not standard, but normal for DHCP client mode). Now it's time to re-check and double check your WAN rules: typically none should be there, except NAT rules.

  • pfBlockerNG PHP Error Caused pfSense to Crash

    1
    0 Votes
    1 Posts
    113 Views
    No one has replied
  • Force Reload pfblockerNG at cold boot / reboot?

    2
    0 Votes
    2 Posts
    218 Views
    provels

    I tried to add

    /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php update >> /var/log/pfblockerng/pfblockerng.log

    as a shellcmd, but it still ran too early. I don't know how to make it sleep for a couple minutes.
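
    A fixed sleep is the usual workaround, but it either waits too long or still races the WAN coming up. The script below is an added example (not from the thread and not part of pfBlockerNG) that polls until a DNS lookup actually succeeds, then runs the same update command with the same log redirection as the shellcmd above. Assumptions: a python3 interpreter is present on the firewall (the path used in the usage line is not asserted), and "network usable" is taken to mean that PROBE_HOST resolves.

```python
"""Run the pfBlockerNG update only once the network is actually usable.

Added example; not code from the thread or from pfBlockerNG. Assumes a
python3 interpreter on the firewall and that a successful lookup of
PROBE_HOST is a good enough 'network is up' signal. Usage as a shellcmd:
    /usr/local/bin/python3 /root/pfb_update_when_up.py
(both paths are assumptions; adjust to your install).
"""
import socket
import subprocess
import sys
import time

PROBE_HOST = "www.example.com"  # any name the box must be able to resolve (assumption)
UPDATE_CMD = ["/usr/local/bin/php", "/usr/local/www/pfblockerng/pfblockerng.php", "update"]
LOG_FILE = "/var/log/pfblockerng/pfblockerng.log"


def dns_up(host=PROBE_HOST):
    """True when the resolver can answer for host, i.e. WAN and unbound are working."""
    try:
        socket.getaddrinfo(host, 53)
        return True
    except socket.gaierror:
        return False


def wait_for(check, timeout=300.0, interval=5.0, clock=time.monotonic, sleep=time.sleep):
    """Poll check() until it returns True or timeout seconds elapse.

    Returns True on success, False on timeout. clock/sleep are injectable
    so the loop can be tested without real waiting.
    """
    deadline = clock() + timeout
    while True:
        if check():
            return True
        if clock() >= deadline:
            return False
        sleep(interval)


def main():
    if not wait_for(dns_up):
        print("network not usable after timeout; skipping pfBlockerNG update", file=sys.stderr)
        return 1
    with open(LOG_FILE, "a") as log:  # same '>>' append semantics as the shellcmd
        return subprocess.call(UPDATE_CMD, stdout=log, stderr=subprocess.STDOUT)


if __name__ == "__main__":
    sys.exit(main())
```

    The timeout matters: without it a box whose WAN never comes up would hold the shellcmd forever. Returning non-zero instead lets you see in the logs that the boot-time update was skipped rather than silently never run.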

  • Torrent trackers, Shodan, AWS and other feeds

    3
    2 Votes
    3 Posts
    805 Views
    NollipfSense

    Thank you both for sharing...I learned about Shodan for the first time.

  • 0 Votes
    30 Posts
    10k Views
    johnpoz

    So their servers or cluster at each pop can handle 65k users - yeah, I find that unlikely ;) This is just a perfect example of how misuse of ipv4 space ran us into a shortage of ipv4 way before it should have ever happened..

    Network space should be assigned appropriately for the amount of devices that will be using that space.. Even when inside rfc1918 space (which has limits as well). Sure, you allow for growth and such.. But come on, could their 8 core 10ge box handle anywhere close to even 8k users? That would leave you at most 1.25mbps per user ;) Let alone 64k users ;)

  • Feeds for some Cloud Service providers

    3
    0 Votes
    3 Posts
    360 Views
    viktor_g

    @provels They can be used as whitelists instead

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.