Netgate Discussion Forum

    PfBlockerNG v2.0 w/DNSBL

    • Jamerson

      Thank you for this BBcan177.
      I have been using it for over a year now and everything is working really fine.
      I want to filter adult websites using this package. Is this even possible, or do I have to install a proxy?

      • BBcan177 Moderator

        @Jamerson:

        Thank you for this BBcan177.
        I have been using it for over a year now and everything is working really fine.
        I want to filter adult websites using this package. Is this even possible, or do I have to install a proxy?

        Just have to add the domains that you want to block into a DNSBL Alias…

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • BBcan177 Moderator

          pfBlockerNG v2.0.15 -    Pull Request #140 was merged:

          See the following for details:
              https://github.com/pfsense/FreeBSD-ports/pull/140

          UPDATE:

          Please wait for pfBlockerNG v2.0.16 due to the following unescaped variable issue:
              https://github.com/pfsense/FreeBSD-ports/pull/143/files

          • ivor

            @BBcan177:

            pfBlockerNG v2.0.15 -    Pull Request #140 was merged:

            See the following for details:
                https://github.com/pfsense/FreeBSD-ports/pull/140

            UPDATE:

            Please wait for pfBlockerNG v2.0.16 due to the following unescaped variable issue:
                https://github.com/pfsense/FreeBSD-ports/pull/143/files

            Great job. Just resolved the issue with dnsbl service not starting.

            Need help fast? Our support is available 24/7 https://www.netgate.com/support/

            • nathulal

              Using pfBlockerNG v2.0.16 I have DNSBL EasyPrivacy turned on from before. It was working fine. After updating to v2.0.16 twitter.com is getting blocked. Was not getting blocked before. I tried to add twitter.com to DNSBL->Custom Domain Suppression (Whitelist) but that doesn't unblock it. If I set the EasyPrivacy feed to Off, twitter.com loads successfully.

              • BBcan177 Moderator

                @nathulal:

                Using pfBlockerNG v2.0.16 I have DNSBL EasyPrivacy turned on from before. It was working fine. After updating to v2.0.16 twitter.com is getting blocked. Was not getting blocked before. I tried to add twitter.com to DNSBL->Custom Domain Suppression (Whitelist) but that doesn't unblock it. If I set the EasyPrivacy feed to Off, twitter.com loads successfully.

                You can suppress directly from the Alerts Tab, which will remove the Domain immediately… if you add the domain manually to the Whitelist, you need to select the "update custom list" checkbox, and run a "Force Reload - DNSBL" for it to take effect...

                • nathulal

                  @BBcan177:

                  You can suppress directly from the Alerts Tab, which will remove the Domain immediately… if you add the domain manually to the Whitelist, you need to select the "update custom list" checkbox, and run a "Force Reload - DNSBL" for it to take effect...

                  Ahh thanks for clearing that up. All good now.

                  • BBcan177 Moderator

                    @nathulal:

                    @BBcan177:

                    You can suppress directly from the Alerts Tab, which will remove the Domain immediately… if you add the domain manually to the Whitelist, you need to select the "update custom list" checkbox, and run a "Force Reload - DNSBL" for it to take effect...

                    Ahh thanks for clearing that up. All good now.

                    Ahh crap… I have to make another change to the code as it shouldn't have picked up that Domain name :)  Sorry guys... I will post a PR to get this fixed ASAP...

                    • BBcan177 Moderator

                      pfBlockerNG v2.0.17 :
                          https://github.com/pfsense/FreeBSD-ports/pull/144

                      This will fix the issue with the EasyPrivacy Feed (As noted above)

                      I suspect that EasyList will also change file formats at some point, but I will make those changes at that time.

                      Until the PR is merged, either disable EasyPrivacy, or fetch the file from my Github repo:

                      –> File below is only for pfSense v2.3.x <–

                      fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://raw.githubusercontent.com/BBcan177/FreeBSD-ports/88fc815594c48f9d99c2f7feb9649a3586a3ca27/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc"
                      

                      and run a "Force Reload - DNSBL"

                      • nathulal

                        @BBcan177:

                        pfBlockerNG v2.0.17 :
                            https://github.com/pfsense/FreeBSD-ports/pull/144

                        This will fix the issue with the EasyPrivacy Feed (As noted above)

                        I suspect that EasyList will also change file formats at some point, but I will make those changes at that time.

                        Until the PR is merged, either disable EasyPrivacy, or fetch the file from my Github repo:

                        –> File below is only for pfSense v2.3.x <–

                        fetch -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://raw.githubusercontent.com/BBcan177/FreeBSD-ports/88fc815594c48f9d99c2f7feb9649a3586a3ca27/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc"
                        

                        and run a "Force Reload - DNSBL"

                        Manually pulled the update and reverted my twitter.com whitelist. Did a force reload and can verify that the fix does work. Thanks.

                        • ppmax

                          Hi–

                          Firstly, thanks again for an awesome package!

                          I'd like to revisit an issue brought up numerous pages ago, that issue being that with pfBlockerNG and DNSBL enabled, along with the DNSBL Easy List to block ads, some web clients will throw an error like so:

                          Is this a Safari/Mobile Safari issue only? How are people working around this with pfBlockerNG? This issue is causing Wife Approval Factor to drop precipitously.

                          Thanks again,
                          Paul

                          • BBcan177 Moderator

                            @ppmax:

                            Is this a Safari/Mobile Safari issue only? How are people working around this with pfBlockerNG? This issue is causing Wife Approval Factor to drop precipitously.

                            Hi Paul,

                            Is this device on the latest Apple Software build? Is Safari updated?

                            Two other options.. 1) Install Chrome  2) Set the DNS settings for this device to a different DNS server, so that it bypasses DNSBL.

                            • ppmax

                              Hello BBcan177–

                              Thanks for your reply--much appreciated.

                              All our desktops/laptops/devices are up to date running the latest: Safari 9.1.1 and OS X 10.11.5 on the desktop. All iPhones and iPads are running the latest as well.

                              Getting folks in the family to use another browser won't go very far :(  Such is the life of the family sys admin.

                              Regarding:

                              1. Set the DNS settings for this device to a different DNS server, so that it bypasses DNSBL.

                              All devices are using pfSense for DNS (forwarder is enabled).

                              If I'm understanding this issue correctly, these certs are all delivered via https. Since these connections are blocked by the EasyList, Safari throws these alerts?

                              Is this a known issue with Safari, or is there some configuration available that I'm not aware of?

                              thx
                              PP

                              • XmickS

                                Hello,

                                I had pfblocker working fine on my other setup, but now since I upgraded to pfsense 2.3 my config was corrupted and I had to do a clean install.

                                My problem with pfblocker is that I can't get the dnsbl to block ads. I configured the standard lists (cameleon, yoyo, adaway etc.) and I also see a lot of ads listed in the alerts tab, but the ads still show up. I'm guessing the problem is with unbound. Also, when I do an update/reload, it says "Reloading Unbound … Not completed." See below.

                                Adding Unbound Server:Include line... completed
                                Validating database... completed 
                                Reloading Unbound ... Not completed.
                                DNSBL update [ 0 ]... completed 
                                ------------------------------------------
                                DNSBL - Adding Unbound custom 'include' option
                                
                                Saving new DNSBL web server configuration to port [ 8081 & 8443 ]
                                Saving pfSense config...
                                VIP address configured. Widget Packet statistics reset.
                                New DNSBL Cert Created.
                                Restarting Service DNSBL...
                                

                                second thing is it says ipcount 37?

                                   70107 total
                                   46572 /var/db/pfblockerng/dnsbl/ADs_hostfile.txt
                                   15239 /var/db/pfblockerng/dnsbl/ADs_Cameleon.txt
                                    3659 /var/db/pfblockerng/dnsbl/EasyListElements.txt
                                    2395 /var/db/pfblockerng/dnsbl/ADs_yoyo.txt
                                    2080 /var/db/pfblockerng/dnsbl/EasyListPrivacy.txt
                                     125 /var/db/pfblockerng/dnsbl/ADs_adaway.txt
                                      23 /var/db/pfblockerng/dnsbl/EasyListElements.ip
                                      14 /var/db/pfblockerng/dnsbl/EasyListPrivacy.ip
                                
                                IPv4 alias tables IP count
                                -----------------------------
                                37
                                
                                IPv6 alias tables IP count
                                -----------------------------
                                0
                                
                                Alias table IP Counts
                                -----------------------------
                                      37 /var/db/aliastables/pfB_DNSBLIP.txt
                                
                                pfSense Table Stats
                                -------------------
                                table-entries hard limit  2000000
                                Table Usage Count         73126
                                
                                • BBcan177 Moderator

                                  It looks like there are no domains in DNSBL?

                                  DNSBL update [ 0 ]... completed
                                  

                                  Post the whole DNSBL section of the log.

                                  • Qinn

                                    @doktornotor:

                                    @BIGGRIMTIM:

                                    Sorry if this is a stupid question.  I am using OpenDNS and wondered if I can use DNSBL along with it?  The only way I was able to get alert data was by changing the DNS settings on my PC.

                                    Not in this way. If you point your clients to pfSense as DNS server and use OpenDNS as forwarders for Unbound, then yes it should work.

                                    I recently installed pfblockerng v2.0.17 with the help of https://m.youtube.com/watch?v=YLhDOaH0q5U and until then I used opendns. Is it possible to combine these two and if so how can I accomplish this and what could/would it bring.

                                    Hardware: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz 102 GB mSATA SSD (ZFS)
                                    Firmware: Latest-stable-pfSense CE (amd64)
                                    Packages: pfBlockerNG devel-beta (beta tester) - Avahi - Notes - Ntopng - PIMD/udpbroadcastrelay - Service Watchdog - System Patches

                                    • BBcan177 Moderator

                                      @Qinn:

                                      @doktornotor:

                                      @BIGGRIMTIM:

                                      Sorry if this is a stupid question.  I am using OpenDNS and wondered if I can use DNSBL along with it?  The only way I was able to get alert data was by changing the DNS settings on my PC.

                                      Not in this way. If you point your clients to pfSense as DNS server and use OpenDNS as forwarders for Unbound, then yes it should work.

                                      I recently installed pfblockerng v2.0.17 with the help of https://m.youtube.com/watch?v=YLhDOaH0q5U and until then I used opendns. Is it possible to combine these two and if so how can I accomplish this and what could/would it bring.

                                      It can be done just as Dok said above:

                                      Point your LAN devices to pfSense Resolver/DNSBL, and then set the Resolver into "Forwarding mode" to the opendns servers…  But keep in mind that opendns doesn't support DNSSEC, so disable those options...

                                      • Qinn

                                        Thanks for bringing us pfBlockerNG! As I am fairly new to the use of an ad blocker in combination with a firewall, can you be a bit more explicit, say idiot proof ;) on the how-to of using pfBlockerNG and opendns?

                                        • Qinn

                                          @BBcan177:

                                          It can be done just as Dok said above:

                                          Point your LAN devices to pfSense Resolver/DNSBL, and then set the Resolver into "Forwarding mode" to the opendns servers…  But keep in mind that opendns doesn't support DNSSEC, so disable those options...

                                          Stupid me, that was easy (one check mark and one off). But when using the "Forwarding mode" am I not losing DNSBL and so a lot of "power" of your adblocker? In your professional opinion am I now penny wise and pound foolish?

                                          • XmickS

                                            @BBcan177:

                                            It looks like there are no domains in DNSBL?

                                            DNSBL update [ 0 ]... completed
                                            

                                            Post the whole DNSBL section of the log.

                                            Don't know if this is what you meant, but this is the reload log of the dnsbl section

                                             UPDATE PROCESS START [ 06/06/16 16:58:27 ]
                                            
                                            ===[  DNSBL Process  ]================================================
                                            
                                            [ ADs_yoyo ]		 Reload  . completed ..
                                              ------------------------------------------------
                                              Original Unique     # Dups     Alexa      Final     
                                              ------------------------------------------------
                                              2395     2395       0          -          2395      
                                              ------------------------------------------------
                                            
                                            [ ADs_hostfile ]	 Reload  . completed ..
                                              ------------------------------------------------
                                              Original Unique     # Dups     Alexa      Final     
                                              ------------------------------------------------
                                              47769    47766      1194       -          46572     
                                              ------------------------------------------------
                                            
                                            [ ADs_adaway ]		 Reload [ 06/06/16 16:58:30 ] . completed ..
                                              ------------------------------------------------
                                              Original Unique     # Dups     Alexa      Final     
                                              ------------------------------------------------
                                              410      408        283        -          125       
                                              ------------------------------------------------
                                            
                                            [ ADs_Cameleon ]	 Reload  . completed ..
                                              ------------------------------------------------
                                              Original Unique     # Dups     Alexa      Final     
                                              ------------------------------------------------
                                              21195    21195      5956       -          15239     
                                              ------------------------------------------------
                                            
                                            [ EasyListElements ]	 Reload [ 06/06/16 16:58:32 ] . completed ..
                                              ------------------------------------------------
                                              Original Unique     # Dups     Alexa      Final     
                                              ------------------------------------------------
                                              5133     4925       1255       -          3670      
                                              ------------------------------------------------
                                            IP count=23
                                            
                                            [ EasyListPrivacy ]	 Reload  . completed ..
                                              ------------------------------------------------
                                              Original Unique     # Dups     Alexa      Final     
                                              ------------------------------------------------
                                              2571     2567       487        -          2080      
                                              ------------------------------------------------
                                            IP count=14
                                            
                                            [ DNSBL_IP ]		 Updating aliastable [ 06/06/16 16:58:33 ]
                                            ------------------------------------------
                                            no changes.
                                            Total IP count = 37
                                            ------------------------------------------
                                            
                                            ------------------------------------------
                                            Assembling database... completed
                                            Validating database... completed [ 06/06/16 16:58:35 ]
                                            Reloading Unbound ... Not completed.
                                            DNSBL update [ 70081 ]... completed 
                                            ------------------------------------------
                                            
                                            ===[  Continent Process  ]============================================
                                            
                                            [ pfB_Africa_v4 ]	 exists. 
                                            [ pfB_Africa_v6 ]	 exists. 
                                            [ pfB_Top_v4 ]		 exists. 
                                            [ pfB_Top_v6 ]		 exists. 
                                            
                                            ===[  Aliastables / Rules  ]==========================================
                                            
                                            No changes to Firewall rules, skipping Filter Reload
                                            No Changes to Aliases, Skipping pfctl Update
                                            
                                            ===[ FINAL Processing ]=====================================
                                            
                                               [ Original IP count   ]  [ 51324 ]
                                            
                                            ===[ Deny List IP Counts ]===========================
                                            
                                               51323 total
                                               37758 /var/db/pfblockerng/deny/pfB_Top_v4.txt
                                                8519 /var/db/pfblockerng/deny/pfB_Top_v6.txt
                                                4516 /var/db/pfblockerng/deny/pfB_Africa_v4.txt
                                                 530 /var/db/pfblockerng/deny/pfB_Africa_v6.txt
                                            
                                            ===[ DNSBL Domain/IP Counts ] ===================================
                                            
                                               70118 total
                                               46572 /var/db/pfblockerng/dnsbl/ADs_hostfile.txt
                                               15239 /var/db/pfblockerng/dnsbl/ADs_Cameleon.txt
                                                3670 /var/db/pfblockerng/dnsbl/EasyListElements.txt
                                                2395 /var/db/pfblockerng/dnsbl/ADs_yoyo.txt
                                                2080 /var/db/pfblockerng/dnsbl/EasyListPrivacy.txt
                                                 125 /var/db/pfblockerng/dnsbl/ADs_adaway.txt
                                                  23 /var/db/pfblockerng/dnsbl/EasyListElements.ip
                                                  14 /var/db/pfblockerng/dnsbl/EasyListPrivacy.ip
                                            
                                            ====================[ Last Updated List Summary ]==============
                                            
                                            Jun 5	03:00	pfB_Africa_v4
                                            Jun 5	03:00	pfB_Africa_v6
                                            Jun 5	03:00	pfB_Top_v4
                                            Jun 5	03:00	pfB_Top_v6
                                            
                                            IPv4 alias tables IP count
                                            -----------------------------
                                            42312
                                            
                                            IPv6 alias tables IP count
                                            -----------------------------
                                            9050
                                            
                                            Alias table IP Counts
                                            -----------------------------
                                               51360 total
                                               37758 /var/db/aliastables/pfB_Top_v4.txt
                                                8519 /var/db/aliastables/pfB_Top_v6.txt
                                                4516 /var/db/aliastables/pfB_Africa_v4.txt
                                                 530 /var/db/aliastables/pfB_Africa_v6.txt
                                                  37 /var/db/aliastables/pfB_DNSBLIP.txt
                                            
                                            pfSense Table Stats
                                            -------------------
                                            table-entries hard limit  2000000
                                            Table Usage Count         124453
                                            
                                             UPDATE PROCESS ENDED 
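
Added example (not part of the original posts and not pfBlockerNG code): a small sh/awk triage of an update log for the two symptoms raised in this thread, "Reloading Unbound ... Not completed." and "DNSBL update [ 0 ]". The function and sample names are hypothetical, the samples are excerpts trimmed from the logs posted above, and the cross-check of the update count against the summed "Final" columns is an assumption drawn from the second log, where both are 70081.

```sh
#!/bin/sh
# Added example, not pfBlockerNG code: triage a pfBlockerNG update log read
# from stdin for the two symptoms discussed in this thread.

check_dnsbl_log() {
    awk '
    # Column header of a per-feed table; the next numeric row has the counts.
    /Original[ \t]+Unique/ { want_row = 1; next }
    # Count row: the last field is the "Final" number of domains kept.
    want_row && /^[ \t]*[0-9]+[ \t]/ {
        final_sum += $NF; feeds++; want_row = 0; next
    }
    /Reloading Unbound/ && /Not completed/ { reload_failed = 1 }
    /DNSBL update \[ *[0-9]+ *\]/ {
        s = $0
        sub(/.*DNSBL update \[ */, "", s)   # drop everything up to the count
        sub(/ *\].*/, "", s)                # drop everything after it
        update = s + 0; update_seen = 1
    }
    END {
        n = 0
        if (reload_failed) { print "FAIL unbound_reload: log says Not completed"; n++ }
        if (!update_seen)  { print "FAIL no_update_line: DNSBL update count not found"; n++ }
        else if (update == 0) { print "FAIL dnsbl_empty: DNSBL update [ 0 ]"; n++ }
        else if (feeds > 0 && update != final_sum) {
            # Assumption: the update count should equal the sum of Final columns.
            printf "WARN count_mismatch: dnsbl_update=%d feeds_final=%d\n", update, final_sum
            n++
        }
        printf "INFO feeds=%d feeds_final=%d dnsbl_update=%d\n", feeds, final_sum, update
        exit (n > 0)   # non-zero exit status when anything was flagged
    }'
}

# Excerpt of the first log posted above (the "[ 0 ]" case).
sample_empty_log() {
    cat <<'EOF'
Adding Unbound Server:Include line... completed
Validating database... completed
Reloading Unbound ... Not completed.
DNSBL update [ 0 ]... completed
EOF
}

# Excerpt of the full reload log posted above, trimmed to the lines parsed.
sample_reload_log() {
    cat <<'EOF'
[ ADs_yoyo ]             Reload  . completed ..
  Original Unique     # Dups     Alexa      Final
  ------------------------------------------------
  2395     2395       0          -          2395
[ ADs_hostfile ]         Reload  . completed ..
  Original Unique     # Dups     Alexa      Final
  47769    47766      1194       -          46572
[ ADs_adaway ]           Reload [ 06/06/16 16:58:30 ] . completed ..
  Original Unique     # Dups     Alexa      Final
  410      408        283        -          125
[ ADs_Cameleon ]         Reload  . completed ..
  Original Unique     # Dups     Alexa      Final
  21195    21195      5956       -          15239
[ EasyListElements ]     Reload [ 06/06/16 16:58:32 ] . completed ..
  Original Unique     # Dups     Alexa      Final
  5133     4925       1255       -          3670
IP count=23
[ EasyListPrivacy ]      Reload  . completed ..
  Original Unique     # Dups     Alexa      Final
  2571     2567       487        -          2080
IP count=14
Assembling database... completed
Validating database... completed [ 06/06/16 16:58:35 ]
Reloading Unbound ... Not completed.
DNSBL update [ 70081 ]... completed
EOF
}

# Stand-alone run on the second excerpt; on a firewall, pipe the saved log in.
sample_reload_log | check_dnsbl_log || true
```

On the second excerpt only the Unbound reload is flagged: the six feeds sum to 70081, which matches the update count, so the domains were assembled but the resolver reload was not confirmed.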
                                            
                                            