pfBlockerNG not logging everything
-
Hi all,
Have just installed pfBlockerNG 3.1.0.4 onto my pfSense 2.6.0 box and I have a question regarding the logging.
If I open a browser on the LAN and place doubleclick.net in the address it is blocked and that is reflected in the logs. All good so far.
If I open up a command prompt on the same PC this is what I get from nslookup:
C:\Windows\System32>nslookup doubleclick.net
Server: pfSense.localdomain
Address: 192.168.10.1

Name: doubleclick.net
Address: 10.10.10.1

C:\Windows\System32>
Yes, it is blocked but nothing appears in the pfBlocker logs.
Can someone please explain why? TIA
-
-
@gertjan - I have pfSense 2.6 CE and not 22.01 so does this still apply? Plus I don't have high CPU Usage.
-
@gregeeh
Both use the version "pfBlockerNG 3.1.0.4" so yes.
-
@gertjan The patch did not resolve the issue, sorry.
-
C:\Users\Gauche>nslookup doubleclick.net
Serveur : pfSense.xxxxxxxxx.net
Address: 192.168.1.1

Nom : doubleclick.net
Address: 0.0.0.0
I see the resolver requests (several, for A, AAAA, etc) in the DNS Reply tab, and in the
-
@gertjan - Yep that's what I would expect but not what I'm getting. Note you're getting an address of 0.0.0.0 while I'm getting 10.10.10.1.
Could this point to the issue?
BTW - What are you calling "The DNS Reply Tab"?
-
@gregeeh said in pfBlockerNG not logging everything:
"The DNS Reply Tab"?
@gregeeh said in pfBlockerNG not logging everything:
you're getting an address of 0.0.0.0 while I'm getting 10.10.10.1.
10.10.10.1 points to the built-in web server that could show in a browser that the domain name you're trying to visit is blocked.
But, IMHO, that's BS as most traffic these days is https, not http. Visiting http pages could be considered as a security problem.
And https can't be redirected, that's what https is all about, so the browser will spit a "complex error message" and not show this pfBlockerNG block host message page.
I go for the much cleaner 0.0.0.0 solution.
-
@gertjan I don't seem to have a DNS Reply Tab:
-
Ah, right: you are not using the "Python mode" but the Unbound mode.