pfblockerng
-
Dear Team,
I am using pfBlockerNG for website blocking, but I have a requirement for three types of categories.
Example:
All site blocking through pfBlockerNG in DNSBL.
- Full Website blocking With DNSBL feed on Default LAN Traffic.
- One Website access (web.whatsapp.com) but all blocking with DNSBL on Some LAN IP.
- Full Website access on Some LAN IP.
I need your help, everyone. Kindly share your suggestions. How do I create the rule for this?
I am waiting for your response. Please reply.
-
@mohdikramsaif I think we need a little bit more help with what exactly it is that you are trying to accomplish in your 3 goals. Could you maybe give us some more concrete examples?
Also, you may have a bit of a misunderstanding about how the DNSBL works. You do not create rules on an interface to use DNSBL. Those lists are saved by pfblocker which then monitors the DNS requests initiated by a browser when you ask it to go to a website. If pfblocker sees that a DNS query is made for a domain name in one of the DNSBLs, then pfblocker prevents that DNS query from being made by the DNS Resolver in pfsense.
So for example, if someone wants to go to badsite.com and types that domain name into a web browser (or clicks a link to that site), the browser first has to get the IP address of that domain. It does that by creating a DNS query which would be handled by the DNS Resolver in pfsense. In this example, pfblocker would first look at the DNS query and see that it is for badsite.com. Pfblocker would then look at the DNSBLs and if badsite.com is in a DNSBL, pfblocker will reject the DNS request. The net result is that the browser cannot resolve badsite.com's IP address and therefore the browser can't reach the site.
Now the IP feeds in pfblocker are lists of actual IP addresses (xxx.xxx.xxx.xxx) which, when retrieved by pfblocker, create aliases (Firewall/Aliases/URLs). Those aliases can then be used in your firewall rules to block traffic on your interfaces.
-
What is your pfBlockerng version?
This is the latest version:
Your questions:
- The DNSBL feeds activated will "block" the access to the listed sites (not only websites).
- Add "web.whatsapp.com" and all other whatsapp.com related domains to a list and you're ok. There was a whatsapp forum post not so long in the past. Keep in mind that whatsapp == facebook so you might have to block entire "AS".
- pfBlockerng had possibilities to include / exclude certain LAN devices. See the very old forum posts about how to do so.
The newer (from yesterday) pfBlockerng-devel uses a simpler approach:
@mohdikramsaif said in pfblockerng:
Kindly share your suggestion
Have a look (abuse the search button); most if not all questions are already answered on the pfblockerng support forum.
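
The DNSBL lookup described in this thread, combined with the three client groups from the original question, can be modelled as a per-client decision on each DNS query. This is an added example, not pfBlockerNG code and not from any poster; the subnets, list contents and function names are constructed, and treating subdomains of a listed name as listed is an assumption of the model.

```python
import ipaddress

# Constructed sample data: not a real feed and not a real LAN layout.
DNSBL = {"badsite.com", "ads.example.net"}   # names from the blocklist feeds
ALLOW_ONLY = {"web.whatsapp.com"}            # the one site the restricted group may resolve
RESTRICTED = [ipaddress.ip_network("192.168.1.32/28")]   # "one site only" clients
BYPASS = [ipaddress.ip_network("192.168.1.200/29")]      # "full access" clients


def listed(qname, names):
    """True if qname, or any parent domain of it, appears in names."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in names for i in range(len(labels)))


def policy_for(client):
    """Map a client IP to one of the three groups from the question."""
    ip = ipaddress.ip_address(client)
    if any(ip in net for net in BYPASS):
        return "bypass"
    if any(ip in net for net in RESTRICTED):
        return "restricted"
    return "default"


def decide(client, qname):
    """Return 'resolve' or 'block' for a DNS query from the given client."""
    policy = policy_for(client)
    if policy == "bypass":
        return "resolve"                      # filtering skipped entirely
    if policy == "restricted":
        # Everything is blocked except the allow list. A real site usually
        # needs more names than one, as noted in the reply above.
        return "resolve" if listed(qname, ALLOW_ONLY) else "block"
    return "block" if listed(qname, DNSBL) else "resolve"


if __name__ == "__main__":
    for client, name in [("192.168.1.10", "www.badsite.com"),
                         ("192.168.1.40", "web.whatsapp.com"),
                         ("192.168.1.40", "example.org"),
                         ("192.168.1.201", "badsite.com")]:
        print(client, name, decide(client, name))
```

Because the decision happens at DNS resolution, a client that uses a different resolver or connects by IP address is not covered by it; that traffic is what the IP feeds and firewall rules mentioned above address.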