REGEX blocking
-
@cool_corona Twitter ?
Also on CNN, MSNBC, Foxnews, BBC, all major (local) french tv news, and soon many Youtube "facebook did it again" videos. -
@gertjan so i guess a really slick feature to pfblockerng-devel would be the ability to add regex lists from pihole, like how suricata can use snort lists.
-
At the bottom of Python Regex List section reads "Changes to this option will require a Force Update to take effect" but actually Reload is required.
-
This post is deleted! -
@Uglybrian Is it still working?
-
@Gertjan Hello, are you still using regex blocking in pfblockerng?
-
Yes Antibotic, its still working and I am still using the same list. so far so good.
-
yes :
It's pretty powerful.
Be aware : regex !Read it like this : if any of the text in the lines (the requested host name) matches the regex list, the request gets blocked.
-
@Gertjan Can you please post your regex in text format? I will copy
-
^(.+[_.-])?adse?rv(er?|ice)?s?[0-9]*[_.-] #test RGX1 ^(.+[_.-])?telemetry[_.-] #test RGX2 ^adim(age|g)s?[0-9]*[_.-] #test RGX4 ^adtrack(er|ing)?[0-9]*[_.-] #test RGX5 ^advert(s|is(ing|ements?))?[0-9]*[_.-] #test RGX6 ^aff(iliat(es?|ion))?[_.-] #test RGX7 ^analytics?[_.-] #test RGX8 ^banners?[_.-] #test RGX9 ^beacons?[0-9]*[_.-] #test RGX10 ^count(ers?)?[0-9]*[_.-] #test RGX11 ^pixels?[-.] #test RGX12 ^stat(s|istics)?[0-9]*[_.-] #test RGX13 ^stat(s|istics)?[0-9]*[_.-] #test RGX14
-
@Gertjan Thank you
-
Keep an eye on it :
-
@Gertjan Are you block for incoming?
What the reason, firewall block itself all in? -
@Antibiotic said in REGEX blocking:
Are you block for incoming?
My LANs of course.
That's where the original DNS requests come from, and I want to 'disable' some of them like "incoming.telemetry.mozilla.org" (probably from my browser).
I don't know what beacons.gtv2.com is, the request came from my captive portal.@Antibiotic said in REGEX blocking:
What the reason, firewall block itself all in?
The regex has nothing to with the/a firewall.
A DNS request came in "what is the A of incoming.telemetry.mozilla.org ?"
The regex filter found it, so pfBlockerng told unbound to tell the LAN client : it's 0.0.0.0.
When the LAN clients receives 0.0.0.0 it can't connect to "incoming.telemetry.mozilla.org" because it has no valid IP to connect to.
This is how DNSBL works.I don't need (want) a firewall that blocks "Internet" IPs. My LAN firewall is wide open - the portal a bit less, though.
-
@Gertjan are you using firefox?
-
The better part of my live, and for the moment, yeah....
-
@Gertjan Idk, which platform you are using for firefox, linux or freebsd, but under windows firefox is disaster
-
@Antibiotic said in REGEX blocking:
but under windows firefox is disaster
Works fine for me, I only have Microsoft GUIs here.
Other OSs here have no GUI, only command line acces, and lynx if needed. -
@Gertjan Oki))I tried a few times , but on my laptop firefox tabs are a huge, actually all a huge . Do not like it at all and native edge better integrate to windows security options.
-
@Antibiotic
I have huge screens ^^