Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ntopng: Live Flows

    Scheduled Pinned Locked Moved
    Traffic Monitoring
    2
    2
    263
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nasheayahu
      last edited by

      Screenshot_20240129_094048.png

      This concatenation of my network domain name concerns me, does this allow the initiator to bypass pfBlockerNG ability to block IP connections?

      keyserK 1 Reply Last reply Reply Quote 0
      • keyserK
        keyser Rebel Alliance @nasheayahu
        last edited by

        @nasheayahu Those are only the actual namelookup attempt. If you are running pfBlockerNG and are bloking those domainnames, then the client will get a NXDOMAIN response from that namelook - and thus won't get any further.

        two things to notice:

        1: You have one client that is bypassing your Unbound Resolver on pfSense (with pfBlockerNG blokings) and are using 1.1.1.1 and 1.0.0.1 as nameservers.

        2: PfBlockerNG does not actually block any IP connections (when it comes do domain names). It only prevents the clients from resoling those names to IP adresses - and are thus unable to contact those services.

        Love the no fuss of using the official appliances :-)

        1 Reply Last reply Reply Quote 1
        • First post
          Last post