DNS Blacklist, New Package! Check it out.
-
Hi,
First of all thanks for the package.
I am moving my PFsense 1.2.3 to newer hardware and would like to use DNS Blacklist with new install. I have tried and like how it works and the idea.
I am having a problem that I have no been able to solve, probably missing something or don't know full usage of the package. At my company we are using Google Apps for email and other services, the email accounts are setup for POP and SMTP use and have email clients configured.
If DNS Blaclist is enable with only adult filter the smtp and pop.gmail.com becomes inaccessible, if I disable the adult filter or DNS Blacklist, everything works well again. For your knowledge google emails uses SSL ports for email configuration, ports 465 and 995.
I have looked in the /adults/domain, /url and /expressions files and have no found anything for gmail.
For the moment I have to stop the use until whitelist will be available or find a solution for my problem.
¿Any suggestions or Idea?
Many Thanks :-\
-
more then likely whats going on is that site or what ever your trying to access (even though safe) happens to share a DNS server that is with in the black list…least thats my conclusion that makes the most sense to me...
-
more then likely whats going on is that site or what ever your trying to access (even though safe) happens to share a DNS server that is with in the black list…least thats my conclusion that makes the most sense to me...
My apologies, I'll explain what has happed on a seccond review.
- I use WinSCP to access my box, I used the text editor included in winSCP and the search function did not work so could no find what I was looking for.
- When changes are made to DNS Blacklist, have to disable and enable the package again, then it reload settings
- Have to do a DNS Flush on my PC, Windows, so I clean DNS destinations.
As I said need further information to use properly, would suggest a manual for the application and if you wish I could set a Google Apps document for you where collaborative work for editing and share could be applied. Also could make some translations on it.
Thanks
-
now when you change the settings (and reload the package to make said changes take effect) then flush the DNS on the PC's does it work correctly, or does it block needed sites? or does it block them before the DNS flush?
-
Okay guys. What other "addons" do we need? We already have the category section, the manual addition of both whitelisting and blacklisting.
We can't do blocking by IP only so that's out. I can't really think of too much more.
-
Okay guys. What other "addons" do we need? We already have the category section, the manual addition of both whitelisting and blacklisting.
Been a while since I have checked this project out, however at the time it redirected a blocked page to google. The ability to set up a custom redirect would be awesome.
With Regards….
-
hmmm…I was thinking about that my self too and I think that would be something really good to have also (not all of us prefer to use/redirect to google...lol!)
-
You can change the IP to redirect to. But since we're using DNSMasq, we can only tell it an IP to resolve to. We can't use hostnames without also telling the server that such and such IP should reverse to such and such domain. Using the google IP was easiest, but you can just put it as 0.0.0.0 if you want.
-
and I am gonna guess that it is changed in the CFG file or what ever or will the interface have that built in?
-
Yeah you can hardcode the IP address. Would be nice if you could extend it with a specific file name. ie 192.168.0.2/banned.html
-
I created a web server package for pfsense called vhosts. You could put your custom message on one of the virtual hosts. And simply have this package point to it.
-
I think I found a small bug. When you are in Services > DNS Blacklist and you click on the pfSense logo in the top (I use the code-red theme btw) which takes you to Status > System or in other words "Home". It is a bad link, it tries to send you here: https://1.2.3.4/packages/dnsblacklist/index.php which is a 404 not found (tested on 2 seperate FWs).
Also, just wondering. Will it be possible to query lists such as the Spamhaus DROP list?
http://www.spamhaus.org/drop/
Even being able to query their Zen list would be awesome, it would help take a little load off of mail servers that utilize the zen list for spam prevention.
http://www.spamhaus.org/zen/Kudos on the package by the way, I have long since wanted something similar to opendns that is built into pfsense so you don't have to deal with the opendns bullcrap! Many thanks and great work.
-
will this be an auto update package that can be updated through the GUI or must it be installed via shell or what ever?
-
Hi whats the name of you channel in freenode again?
-
the "adult" section of dns blacklist prevents to login facebook coz of it works on IP based.
so all the domains hosted on the same server is blocked.
when i tried to login facebook by fill the username and password, i am getting google home page with *.google.com certificate.
how can i solve this issue? -
after installed the package i got:
May 17 01:53:11 dnsmasq[2526]: cannot read /usr/local/etc/dnsmasq.blacklist.conf: No such file or directory
May 17 01:53:11 dnsmasq[2526]: cannot read /usr/local/etc/dnsmasq.blacklist.conf: No such file or directory
May 17 01:53:11 dnsmasq[2526]: FAILED to start up
May 17 01:53:11 dnsmasq[2526]: FAILED to start up
May 17 01:53:12 php: /index.php: [DEBUG] Lock recursion detected.and all was messed up and even my own dns could`t resolve
-
Just as a note, the ability to enter a list of DNS names, or use a category based subscription, to prohibit is one of the major features of Sonicwall (and other) firewall products, and if this package does what I think it does, then it allows pfSense to be that much more of a serious competitor.
I apologize for not reading the entire thread, but if I install this on 1.2.3-RELEASE WebGUI, will I be able to uninstall it via WebGUI if for whatever reason I need to?
-
Hi,
First of all thanks for the package.
I am moving my PFsense 1.2.3 to newer hardware and would like to use DNS Blacklist with new install. I have tried and like how it works and the idea.
I am having a problem that I have no been able to solve, probably missing something or don't know full usage of the package. At my company we are using Google Apps for email and other services, the email accounts are setup for POP and SMTP use and have email clients configured.
If DNS Blaclist is enable with only adult filter the smtp and pop.gmail.com becomes inaccessible, if I disable the adult filter or DNS Blacklist, everything works well again. For your knowledge google emails uses SSL ports for email configuration, ports 465 and 995.
I have looked in the /adults/domain, /url and /expressions files and have no found anything for gmail.
For the moment I have to stop the use until whitelist will be available or find a solution for my problem.
¿Any suggestions or Idea?
Many Thanks :-\
Hi,
Exactly the same issue, also same as tebruno99's post.
If i enable the 'adult' list, it starts blocking a lot of websites not in the blacklists.
For example, it blocks 'www.shallalist.de'.
I grep'd the whole lists (ssh'd to the box) to search for either 'shallalist', the ip of the website (78.47.242.85), the names of the DNS servers (shalla.de,robot7.first-ns.de, robot2.second-ns.de) and the IPs of these DNS servers, and found nothing related.
If i grep 'shalla' only, it finds :
blacklists/adult/domains:shallanmeiers.com.ar
blacklists/porn/domains:shallanmeiers.com.ar
which has no direct relation with shallalist.de
So i ended up with not enabling the 'adult' list, wich i really woud like to enable.
I'm using pfSense 1.2.3 release with squid/squidGuard. DHCP server is enabled and serve the IP of the box (gateway) as the DNS server. DNS forwarder is enabled. The DNS setting of Squid is forced to the private LAN IP of the box ('Use alternate DNS-servers for the proxy-server'), because, if not set, Squid seems to bypass the dns forwarder and directly resolve the names through the provider's DNS.
In SquidGuard, the option 'Not to allow IP addresses in URL' is enabled.
Any idea ?
Thank you. -
There's also an error at boot :
DNS Blacklist : Fatal error : cannot redeclare pkg_is_service_running() previously declared in /usr/local/pkg/cron.inc:37 in /usr/local/pkg/dnsblacklist.inc on line 35.
I removed the cron package, and now it says the same message for another package (ip-blocklist).
Can it interfere with other packages, and how to fix this message ? -
The ip-blocklist package messes with the dns blacklist package. Sorry Mcrane!
I am working on a fix right now.