Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Does pfsense 2.5.2 add its own DNSBL whitelist ?

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 605 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      parry
      last edited by

      I just noticed that on the Firewall-->pfBlockerNG-->DNSBL there is a whitelist that I had nothing to do with
      ---> /pfblockerng/pfblockerng_dnsbl.php Im using pfsense 2.5.2

      It shows the following in the DNSBL Whitelist section
      Does anyone know why the whitelist has been created ? I don't recall adding it
      Thanks, Parry

      s3.amazonaws.com
      s3-1.amazonaws.com # CNAME for (s3.amazonaws.com)
      .github.com
      .githubusercontent.com
      github.map.fastly.net # CNAME for (raw.githubusercontent.com)
      .gitlab.com
      .apple.com
      .sourceforge.net
      .fls-na.amazon.com # alexa
      .control.kochava.com # alexa 2
      .device-metrics-us-2.amazon.com # alexa 3
      .amazon-adsystem.com # amazon app ads
      .px.moatads.com # amazon app 2
      .wildcard.moatads.com.edgekey.net # CNAME for (px.moatads.com)
      .e13136.g.akamaiedge.net # CNAME for (px.moatads.com)
      .secure-gl.imrworldwide.com # amazon app 3
      .pixel.adsafeprotected.com # amazon app 4
      .anycast.pixel.adsafeprotected.com # CNAME for (pixel.adsafeprotected.com)
      .bs.serving-sys.com # amazon app 5
      .bs.eyeblaster.akadns.net # CNAME for (bs.serving-sys.com)
      .bsla.eyeblaster.akadns.net # CNAME for (bs.serving-sys.com)
      .adsafeprotected.com # amazon app 6
      .anycast.static.adsafeprotected.com # CNAME for (static.adsafeprotected.com)
      google.com
      www.google.com
      youtube.com
      www.youtube.com
      youtube-ui.l.google.com # CNAME for (youtube.com)
      stackoverflow.com
      www.stackoverflow.com
      dropbox.com
      www.dropbox.com
      www.dropbox-dns.com # CNAME for (dropbox.com)
      .adsafeprotected.com
      control.kochava.com
      secure-gl.imrworldwide.com
      pbs.twimg.com # twitter images
      www.pbs.twimg.com # twitter images
      cs196.wac.edgecastcdn.net # CNAME for (pbs.twimg.com)
      cs2-wac.apr-8315.edgecastdns.net # CNAME for (pbs.twimg.com)
      cs2-wac-us.8315.ecdns.net # CNAME for (pbs.twimg.com)
      cs45.wac.edgecastcdn.net # CNAME for (pbs.twimg.com)

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Yes, pfBlockerNG adds that by default to prevent things being incorrectly blocked by blacklist updates.

        That's a very old version of the package in a very old version of pfSense though. You should upgrade.

        Steve

        P 1 Reply Last reply Reply Quote 0
        • P
          parry @stephenw10
          last edited by

          @stephenw10
          I would use later versions except that the later versions dont provide ASN block. There is probably a method of doing that but this version finds the ASN numbers by simply entering the company name. Thanks for bothering to reply.

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @parry
            last edited by

            @parry yes it does

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote ๐Ÿ‘ helpful posts!

            P 1 Reply Last reply Reply Quote 0
            • P
              parry @SteveITS
              last edited by

              @SteveITS The ASN selection appears in the pfBlockerNG package. If I update it to 2.6, the ASN option disappears in the PfBlockerNG installation. That's why I have not updated. Did I misunderstand you suggestion ? Thanks again Steve. Parry

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS Galactic Empire @parry
                last edited by

                @parry Well I don't know about 2.6 but it's in the package for 23.09 so I assume it would be in 2.7.x:
                30d95061-8bf3-4927-ac89-d7f3b3173a28-image.png

                You might be looking at pfBlockerNG vs pfBlockerNG-devel? -devel was moved/copied into non-devel I think when 23.01 was released, so they are identical now.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote ๐Ÿ‘ helpful posts!

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.