PfBlockerNG v2.0 w/DNSBL
-
I noted that each time I update pfSense 2.3 build, after reboot or no, DNSBL lists are not correctly loaded, in fact the widget shows 0 ips. I have to manually ask for reload to get list loaded and blocking feature to work again.
@webtyro:
Same here as noted by Wolf666.
Thanks for the report…
If you are able to modify a file, please edit: /usr/local/pkg/pfblockerng/pfblockerng.inc
In 2.3 - Line : 3149
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L3149In 2.2.x - Line: 3156
https://github.com/pfsense/pfsense-packages/blob/master/config/pfblockerng/pfblockerng.inc#L3156and edit the line:
if (empty($lists_dnsbl_all)) {
to
if (empty($lists_dnsbl_all) && !$pfb['save']) {
First make sure that the widget doesn't show the DNSBL count as "0" (Run a force reload if its "0"), then reboot and ensure that post-reboot that the widget DNSBL count is accurate…
Post back if this fixes this issue...
Thanks!
-
and edit the line:
if (empty($lists_dnsbl_all)) {
to
if (empty($lists_dnsbl_all) && !$pfb['save']) {
First make sure that the widget doesn't show the DNSBL count as "0" (Run a force reload if its "0"), then reboot and ensure that post-reboot that the widget DNSBL count is accurate…
Post back if this fixes this issue...
Thanks!
Fix my problem. Thanks BBcan177.
-
Fix mine also.
-
@BBcan177
That did the trick for mine also. Thank you. -
Semi complete n00b here. I got it up and running with just dnsbl. However it just stops after a few hours and lets everything through. Is there something i can check? I cant see any errors being thrown in the logs, cron jobs are doing things etc every hour.
-
Ensure that your LAN devices have their DNS settings set to only pfSense. If you ping the DNSBL VIP does it resolve? If you browse the the DNSBL VIP do you get the 1x1?
-
i can ping the VIP from my 192.1.6.2.xxx to the VIP http://10.10.10.1/.
If i load up the web page its blank.
Not seeing anything about a gif.
The only hint is <title>10.10.10.1 (1×1)</title>
This happens if it is blocking correctly or incorrectly.
It seems that everything works till the first cron job. After that if i want it to work i have to force update till the next cron job.
-
Can you follow the instructions in this post:
https://forum.pfsense.org/index.php?topic=102470.msg607864#msg607864
-
-
Can you follow the instructions in this post:
https://forum.pfsense.org/index.php?topic=102470.msg607864#msg607864
Thank you. It has been up for 3 cron jobs and is still working.
After the first reboot after the patch i did have to force update to get this to work the first time:
===[ DNSBL Process ]================================================
Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding -
-
Hello all,
pfSense noob here. Using pfSense since November 2015. Full install of pfSense on SuperMicro A1SAi-27f0F, 16GM RAM. I am having a strange problem, and am not sure what I did. I was happily using pfBlocker_NG with DNSBL. I upgraded pfBNG from 2.04 to 2.05 four days ago. When I reboot, the LAN interface is now assigned the DNSBL Virtual IP (10.10.10.1) and not the 192.168.1.1 IP as specified under Interfaces: LAN. I have to manually "2) Set interface(s) IP address" in a ssh session, before I can log in to the GUI and disable DNSBL. Reboot, and the LAN gets the 192.168.1.1 IP. Same with 2.05 to 2.06. Did not have this issue with version 2.04. I would rather not wipe the box and start over, if someone might point me in another direction. Thanks in advance.
-
When I reboot, the LAN interface is now assigned the DNSBL Virtual IP (10.10.10.1) and not the 192.168.1.1 IP as specified under Interfaces: LAN.
I assume the LAN interface is DHCP? I have only seen this when another user used bridged interfaces… The DNSBL VIP is a virtual alias in the LAN interface... Maybe your LAN device is not getting an IP address before DNSBL executes?
There has not been any changes to that part of the code, but there is another release "2.0.6" which you can try...
-
Thank you! That is something I can try later tonight, at present three ethernet and four WiFi are all bridged, I will eliminate the bridge, and report back. Yes, LAN hands out IPs via DHCP. V. 2.06 also the same behavior as V. 2.05
-
Correction: the LAN interface (currently bridged) is assigned the static IP of 192.168.1.1, I needed to reread your question.
Thanks again. -
Correction: the LAN interface (currently bridged) is assigned the static IP of 192.168.1.1, I needed to reread your question.
Thanks again.If you want to continue bridging… Add another physical interface (without bridging) and assign the DNSBL VIP to that Interface. Just make sure to add firewall rules to allow other LAN addresses to access it...
Otherwise best to remove the bridge and use a more efficient hardware switch :)
-
I have this website which implements most of the content/features with iframes and it stops working when enabling DNSBL. I have added the addresses of the site and iframe's to the "Custom Domain Suppression" but the site simply refuses to load nothing but a white page where the iframe goes. tcpdump shows no activity when loading that site. None of the log files reveal nothing useful. Any way to debug it further?
-
Shopro,
Try to hit "F12" in the browser to open Dev mode, then goto the "console" tab to see additional details that might help diagnose. You can also run a tcpdump command as per the instructions in the DNSBL tab to sniff for dns requests.
-
Updating in the thread, BB :-* .
Yahoo complaining about certificates(pic00) is fixed by adding mail.yahoo.com and login.yahoo.com to the suppress list & 'Force Reload'.
I still have pic01, and I still have the strange NTP to the virtual IP:
| WAN | udp | 84.x.x.x:46231 (10.10.10.1:123) -> 195.200.224.66:123 | MULTIPLE:MULTIPLE |
No idea why, as 10.10.10.1 is completely isolated, my LAN is 192.x.x.x.
-
Mr J.,
If you run this command you will see which site is listing that domain:
grep "login.yahoo.com" /var/db/pfblockerng/dnsblorig/* /var/db/pfblockerng/dnsblorig/PhishTank.orig:3563722,https://login.yahoo.com:443/config/mail?.intl=au&.done=https%3A%2F%2Flogin.yahoo.com%3A443%2Fconfig%2Fmail%3F.intl%3Dau%26.done%3Dhttps%253A%252F%252Fau%252Dmg6.mail.yahoo.com%252Fneo%252Flaunch%253F.rand%253D7j0n99rj7v27t%2523address%23address#address,http://www.phishtank.com/phish_detail.php?phish_id=3563722,2015-10-30T15:52:31+00:00,yes,2016-02-17T06:23:42+00:00,yes,Other /var/db/pfblockerng/dnsblorig/PhishTank.orig:3507774,http://www.stmaria.cl/img/login.yahoo.com%20config%20mail%20.intl=hk.html,http://www.phishtank.com/phish_detail.php?phish_id=3507774,2015-10-03T14:14:09+00:00,yes,2015-10-12T19:54:23+00:00,yes,Other
Can also see if a domain is in the final dnsbl list:
grep "login.yahoo.com" /var/unbound/pfb_dnsbl.conf grep "login.yahoo.com" /var/db/pfblockerng/dnsbl/*
So from the first command above, you can see that login.yahoo.com is listed by PhishTank… That feed posts full URLs, so it can cause FPs... Its best to use that Feed with Alexa suppression. Also similar with OpenPhish and MPatrol... If your starting out with DNSBL, maybe disable those three lists, until you get more comfortable with it...
For your certificate issue: In Chrome you can clear the DNS Browser cache with this link:
chrome://net-internals/#dns
I am not sure if FireFox has something similar… You might also need to clear your Desktop and/or Browser DNS cache, since it might still have these blocked domains in the cache even tho you cleared it in DNSBL... Might also need to close and re-open the browser...
ipconfig /flushdns
Look at the post above yours, where i suggest using F12 Dev mode to help diagnose issues…
For your NTP issue, goto the tab Services: NTP, did you select the DNSBL VIP address?