Netgate Discussion Forum

    Blocking TLD's

    pfBlockerNG
dcol:

Hi all,
Just set up the DNSBL with a bunch of recommended lists, but my real purpose is to block unwanted TLDs from getting to my email server.
I set up an exclusion list and a blacklist. Alerts show the blocked TLDs like I expected, but the connection was still passed to my email server.

Is there something else I need to do to block these TLDs from being passed on?

As you can see, the alert is there for the unwanted TLD, but it was still delivered to the email server.
Do I need to add a firewall rule? Seems pointless to use if I cannot block these.
[Attachments: TLD1.jpg, TLD2.jpg]

RonpfS:

Do not mix domain name blocking and IP blocking.

IP blocking is done with IP tables and firewall rules.

DNSBL is for domain name requests coming from inside the firewall; it doesn't prevent incoming access from outside the firewall.

DNSBL intercepts the domain name request and provides the VIP instead of the real IP of the domain to the client inside the firewall.

The firewall rule in DNSBL is for domain tables that include IPs. pfBlockerNG will collect those IPs in the DNSBLIP table and generate a firewall rule when the box is checked. There are only a few IPs collected during a DNSBL update (on my setup: 15K IPs vs 560K domain names).

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

dcol:

Thanks for the reply. I guess DNSBL is not what I am looking for. I will shut it down.

pfBlocker does a good job with countries. I just wanted something that could do the same with TLDs. Any suggestions?

pdrass:

I'd like to chime in here. I think the TLD blocking is primarily for "outbound" traffic, not inbound. It's used with the Unbound DNS resolver.

So if you set up your systems like this you can screen nasty TLDs from your end users like this: (Block TLD: .top, .party, .ms <– which blocks Skype auth, etc)...

PC DNS points to DNS server > DNS server's DNS forwarder points to pfSense, which uses Unbound, checks the TLD and decides > pfSense's DNS looks to your ISP or some other DNS provider like OpenDNS, Comodo, etc.

It's meant to protect internal LAN assets, not block external ones.

NOW... if you want to block external TLDs from your mail server, what type of mail server do you have?

You can block junk TLDs by parsing your log files, or sometimes spam filters like MailCleaner let you just put the TLDs in there. For Postfix you can do it like this: https://whackersforhackers.com/2017/03/08/tld-blocking-in-postfix-mta/

There are more ways to TLD block, BUT I'd suggest not using pfSense and TLD blocking in pfBlocker to do it, because that's not what pfBlocker is trying to do here (I don't think, with respect to TLDs and how DNSBL works).

Good luck!

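Working through the two steps pdrass suggests for the mail server side (parse the mail logs for junk sender TLDs, then reject those TLDs in Postfix), as an added example that is not from this thread, from pfBlockerNG or from the linked post. The log lines are constructed samples in the postfix/qmgr format, and the map it emits is meant for Postfix's check_sender_access with a pcre: table, whose matching is case-insensitive by default.

```python
"""Tally envelope-sender TLDs in Postfix logs and emit a check_sender_access map.
Added example for this thread; the log lines below are constructed samples."""
import re
from collections import Counter

# Constructed postfix/qmgr lines; each carries the envelope sender in from=<...>.
SAMPLE_LOG = """\
Mar  8 10:01:12 mx postfix/qmgr[1234]: 1A2B3C: from=<alice@example.com>, size=1024, nrcpt=1 (queue active)
Mar  8 10:01:15 mx postfix/qmgr[1234]: 2B3C4D: from=<promo@cheap-deals.top>, size=5120, nrcpt=3 (queue active)
Mar  8 10:01:20 mx postfix/qmgr[1234]: 3C4D5E: from=<news@party-invite.party>, size=2048, nrcpt=1 (queue active)
Mar  8 10:01:25 mx postfix/qmgr[1234]: 4D5E6F: from=<>, size=512, nrcpt=1 (queue active)
Mar  8 10:01:30 mx postfix/qmgr[1234]: 5E6F7A: from=<Other@Another.TOP>, size=777, nrcpt=1 (queue active)
Mar  8 10:01:35 mx postfix/qmgr[1234]: 6F7A8B: from=<bob@shop.co.uk>, size=999, nrcpt=1 (queue active)
"""

# Envelope sender as Postfix logs it: from=<local@domain>, empty for bounces.
_FROM_RE = re.compile(r"from=<([^>]*)>")

def sender_tld(address):
    """Return the lowercased last label of the sender's domain, or '' if none."""
    if "@" not in address:
        return ""            # null sender <> (bounce) or malformed address
    domain = address.rsplit("@", 1)[1].rstrip(".")
    if "." not in domain:
        return ""            # bare hostname, nothing to call a TLD
    return domain.rsplit(".", 1)[1].lower()

def count_sender_tlds(log_text):
    """Count envelope-sender TLDs over all log lines; bounces are skipped."""
    counts = Counter()
    for m in _FROM_RE.finditer(log_text):
        tld = sender_tld(m.group(1))
        if tld:
            counts[tld] += 1
    return counts

def blocked_senders(log_text, blocked_tlds):
    """Senders whose TLD is in blocked_tlds (give the set in lowercase)."""
    return [m.group(1) for m in _FROM_RE.finditer(log_text)
            if sender_tld(m.group(1)) in blocked_tlds]

def pcre_access_map(blocked_tlds):
    """Render a Postfix pcre: table for check_sender_access rejecting those TLDs.
    The pattern is anchored at the end of the address so 'x@foo.top.example' is
    not caught; Postfix pcre tables already match case-insensitively by default."""
    return "".join(f"/\\.{re.escape(t)}$/  REJECT Sender TLD .{t} not accepted\n"
                   for t in sorted(blocked_tlds))
```

The generated table would be referenced from main.cf as `smtpd_sender_restrictions = check_sender_access pcre:/etc/postfix/sender_tld.pcre` (path assumed); review the counts first, since a TLD like .uk above is not junk just because it is rare in your logs.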
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.