DNS Blacklist, New Package! Check it out.
-
Hello, I was instructed that DNS Blacklist would be a good addition to pfsense. Right now I have added "OPT1" specifically for my son's computer which is directly plugged in. He has the outstanding Country Block on his interface blocking the outbound however I'd also like to block certain categories, i.e. Adult content. I can use OpenDNS' settings however eventually he'll figure out how to temporarily switch them and so having something within pfsense would be ideal. Back to DNS Blacklist, is this list actively updated or obsolete? Can I address this package to only effect certain interfaces or is every interface effected by the selections made? Thanks.
The lists are actively updated but not in the package. In the previous post I show you how to update your lists directly from the source.
Every interface using local DNS is affected by the package. You can bypass by specifying another DNS server on your systems just the same way you can bypass OpenDNS. -
The lists are actively updated but not in the package. In the previous post I show you how to update your lists directly from the source.
Every interface using local DNS is affected by the package. You can bypass by specifying another DNS server on your systems just the same way you can bypass OpenDNS.UPDATE: I figured it out! I guess for now, if I want to use OpenDNS' settings what I can do is go to Services –> DHCP Server --> OPT1 --> and fill in the OpenDNS settings in the DNS Servers block. With DNS Forwarder checked all he gets is his default gateway as the DNS server which masks it that much better.
-
What you need so that he cant bypass your DNS servers/settings is a rule that allows DNS access to your firewall and OpenDNS and than below that a rule that denies access to all DNS servers, this way one can get DNS from the firewall or pfsense but not anywhere else therefor you can block them from going to sites you dont want. If you dont do these rules, one can just change the dns servers that the computer uses.
-
What you need so that he cant bypass your DNS servers/settings is a rule that allows DNS access to your firewall and OpenDNS and than below that a rule that denies access to all DNS servers, this way one can get DNS from the firewall or pfsense but not anywhere else therefor you can block them from going to sites you dont want. If you dont do these rules, one can just change the dns servers that the computer uses.
A very good idea as when he figures out how to configure static he'll be able to type in the ISP dns manually. I'd like for the OPT1 (son's) interface to only use the OpenDNS one.
Would that be in the Firewall –> Rules --> OPT1 interface? Example? Thanks...
-
Yes, attached is a pic of my DNS server rules, remember rules at the top override those at the bottom.
Edit: Also I have an alias for DNS Servers which is the firewall and OpenDNS' DNS servers.If you need more help, start a new thread so as not to hijack this one.
-
-
Here is a little teaser for you guys… I still need to work on how we read/edit the blacklist. I was doing it with PHP but it uses too much RAM, so now we're doing it in sh which runs a lot quicker. Just need a little more time, so please be patient.
How to add manual entries?
-
I used DNS blacklist about a year ago before I started using the snapshot version. I thought it was a great package and I'd really like to see it available for use with the snapshots.
Is there anyone currently looking into making the DNS blacklist package available for snapshots? Or is there some other package people are using instead of DNS blacklist now?
-
I've got a nice white 404 Error-page when clicking DNS Blacklist referring to http://pfsense:82/packages/dnsblacklist/dnsblacklist.php
Tried first Squid allong with SquidGuard but was to much of a hassle to get it working. Was blocking websites so I had to manually Whitelist them. Ended up uninstalling Squid en SquidGuard, rebooting and installing DNS Blacklist. I Reinstalled Package version 0.2.4 but no luck! How and Why?!
-
Hi,
I also encountered almost the same problem. I install Squid and SquidGuard together with DNS Blacklist to two systems. One system blocks everything(yahoo, msn etc…) while the other one doesnt block anything at all. Need this package very much, just cant run it with squid packages. Any help on what to do....Thanks.
-
Only cp.core is in /usr/local/www/packages/dnsblacklist. In /usr/local/www there are no php-files from DNS Blacklist.
I'm not a XML- pro but I can read from the dnsblacklist.xml there should be configfiles at /usr/local/www/packages/config there is no /config Directory
dnsblacklist.xml is in /usr/local/pkg
dnsblacklist.inc is in /usr/local/png
dnsblacklist.tmp is NOT in /tmp
blacklist.tar.gz is NOT in /tmpWhat is in /tmp is pkg_mgr_DNS Blacklist.log
Beginning package installation. Downloading package configuration file... Changing file mode to 0755 for /usr/local/pkg/dnsblacklist.xml Changing file mode to 0755 for /usr/local/pkg/dnsblacklist.inc Changing file mode to 0755 for /tmp/dnsblacklist.tmp Changing file mode to 0755 for /tmp/blacklists.tar.gz require_once('include_file')
-
Any word yet on manual entries?
I love the package, except the "adult" list blocks our payroll (adp.com) -
Ronnie….
You can manually edit the files in the /usr/local/www/packages/dnsblacklist/blacklists folder then reupload them.
-
I just installed the 2.0 RC, and dont see it in my list of packages.
Is it not available?
-
I just installed the 2.0 RC, and dont see it in my list of packages.
Is it not available?
Currently DNS Blacklist is not available for 2.0. I spoke to xa0z, (one of the package developers) a few days ago and he said he wasn't sure if there would be an update for 2.0 but he was considering it.
I like the package and would like to see it continue but in the mean time I have started using SquidGuard as an alternative. So far it has been working pretty well, it takes a bit more time to configure but it's much more versatile.
-
Thanks, good to know. I'll be looking into it.
-
Just installed squidguard and enabled the blacklists. How up to date are they? Are they updated on a regular basis?
-
Just installed squidguard and enabled the blacklists. How up to date are they? Are they updated on a regular basis?
It depends which blacklist you are using, most of them are updated quite frequently.
SquidGuard has a list of several on their site. URLBlacklist.com has a list the updates very often.
http://www.squidguard.org/blacklists.htmlMore SquidGuard configuration information
http://hubpages.com/_pfsense/hub/URL-Filtering-How-To-Configure-SquidGuard-in-pfSense -
You are a life saver. I was using the default. Thanks for the link to those.
-
One more thing. Can this thing auto update its lists or would I have to setup a cron job to download, extract, and restart the service?