REGEX blocking
-
WTF ....
I added a 'facebook' regex above so I could collect some DNSBL log lines - see image above.
I also saw :
and, as 'facebook' is in the hostname, all looks fine.
I removed the facebook regex, and reloaded pfBlockerng.
Still, Whatsapp didn't work (on my phone).
And wtf, when I deactivated wifi on my phone, still Whatsapp "doesn't work".Facebook did it again : they have managed to shut themselves, whatsapp this time, out of the Internet. Probably on a planetary level
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@gertjan Thats exactly my issue.... that other apps are affected because they are all mining on each others data og dns records.
Kind of annoying...
-
@gertjan https://www.independent.co.uk/tech/whatsapp-down-not-working-status-b2209835.html?utm_content=Echobox&utm_medium=Social&utm_campaign=Main&utm_source=Twitter#Echobox=1666682232
-
@cool_corona Twitter ?
Also on CNN, MSNBC, Foxnews, BBC, all major (local) french tv news, and soon many Youtube "facebook did it again" videos. -
@gertjan so i guess a really slick feature to pfblockerng-devel would be the ability to add regex lists from pihole, like how suricata can use snort lists.
-
At the bottom of Python Regex List section reads "Changes to this option will require a Force Update to take effect" but actually Reload is required.
-
This post is deleted! -
@Uglybrian Is it still working?
-
@Gertjan Hello, are you still using regex blocking in pfblockerng?
pfSense plus 24.11 on Topton mini PC
CPU: Intel N100
NIC: Intel i-226v 4 pcs
RAM : 16 GB DDR5
Disk: 128 GB NVMe
Brgds, Archi -
Yes Antibotic, its still working and I am still using the same list. so far so good.
-
yes :
It's pretty powerful.
Be aware : regex !Read it like this : if any of the text in the lines (the requested host name) matches the regex list, the request gets blocked.
-
@Gertjan Can you please post your regex in text format? I will copy
-
^(.+[_.-])?adse?rv(er?|ice)?s?[0-9]*[_.-] #test RGX1 ^(.+[_.-])?telemetry[_.-] #test RGX2 ^adim(age|g)s?[0-9]*[_.-] #test RGX4 ^adtrack(er|ing)?[0-9]*[_.-] #test RGX5 ^advert(s|is(ing|ements?))?[0-9]*[_.-] #test RGX6 ^aff(iliat(es?|ion))?[_.-] #test RGX7 ^analytics?[_.-] #test RGX8 ^banners?[_.-] #test RGX9 ^beacons?[0-9]*[_.-] #test RGX10 ^count(ers?)?[0-9]*[_.-] #test RGX11 ^pixels?[-.] #test RGX12 ^stat(s|istics)?[0-9]*[_.-] #test RGX13 ^stat(s|istics)?[0-9]*[_.-] #test RGX14No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@Gertjan Thank you
-
-
@Gertjan Are you block for incoming?
What the reason, firewall block itself all in? -
@Antibiotic said in REGEX blocking:
Are you block for incoming?
My LANs of course.
That's where the original DNS requests come from, and I want to 'disable' some of them like "incoming.telemetry.mozilla.org" (probably from my browser).
I don't know what beacons.gtv2.com is, the request came from my captive portal.@Antibiotic said in REGEX blocking:
What the reason, firewall block itself all in?
The regex has nothing to with the/a firewall.
A DNS request came in "what is the A of incoming.telemetry.mozilla.org ?"
The regex filter found it, so pfBlockerng told unbound to tell the LAN client : it's 0.0.0.0.
When the LAN clients receives 0.0.0.0 it can't connect to "incoming.telemetry.mozilla.org" because it has no valid IP to connect to.
This is how DNSBL works.I don't need (want) a firewall that blocks "Internet" IPs. My LAN firewall is wide open - the portal a bit less, though.
-
@Gertjan are you using firefox?
-
The better part of my live, and for the moment, yeah....
-
@Gertjan Idk, which platform you are using for firefox, linux or freebsd, but under windows firefox is disaster
