Netgate Discussion Forum

PfBlockerNG v2.0 w/DNSBL
BBcan177 (Moderator):

It looks like there are no domains in DNSBL?

    DNSBL update [ 0 ]... completed

Post the whole DNSBL section of the log.

"Experience is something you don't get until just after you need it."

Website: http://pfBlockerNG.com
Twitter: @BBcan177  #pfBlockerNG
Reddit: https://www.reddit.com/r/pfBlockerNG/new/
Qinn:

@doktornotor:

@BIGGRIMTIM:

Sorry if this is a stupid question. I am using OpenDNS and wondered if I can use DNSBL along with it? The only way I was able to get alert data was by changing the DNS settings on my PC.

Not in this way. If you point your clients to pfSense as DNS server and use OpenDNS as forwarders for Unbound, then yes, it should work.

I recently installed pfBlockerNG v2.0.17 with the help of https://m.youtube.com/watch?v=YLhDOaH0q5U and until then I used OpenDNS. Is it possible to combine these two, and if so, how can I accomplish this and what could/would it bring?

Hardware: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz 102 GB mSATA SSD (ZFS)
Firmware: Latest-stable-pfSense CE (amd64)
Packages: pfBlockerNG devel-beta (beta tester) - Avahi - Notes - Ntopng - PIMD/udpbroadcastrelay - Service Watchdog - System Patches
BBcan177 (Moderator):

@Qinn:

Is it possible to combine these two, and if so, how can I accomplish this and what could/would it bring?

It can be done just as Dok said above:

Point your LAN devices to pfSense Resolver/DNSBL, and then set the Resolver into "Forwarding mode" to the OpenDNS servers… But keep in mind that OpenDNS doesn't support DNSSEC, so disable those options...
Qinn:

Thanks for bringing us pfBlockerNG! As I am fairly new to the use of an ad blocker in combination with a firewall, can you be a bit more explicit, say idiot proof ;), on how to use pfBlockerNG and OpenDNS?
Qinn:

@BBcan177:

Point your LAN devices to pfSense Resolver/DNSBL, and then set the Resolver into "Forwarding mode" to the OpenDNS servers… But keep in mind that OpenDNS doesn't support DNSSEC, so disable those options...

Stupid me, that was easy (one check mark and one off). But when using the "Forwarding mode" am I not losing DNSBL and so a lot of "power" of your ad blocker? In your professional opinion, am I now penny wise and pound foolish?
XmickS:

@BBcan177:

Post the whole DNSBL section of the log.

Don't know if this is what you meant, but this is the reload log of the DNSBL section:

     UPDATE PROCESS START [ 06/06/16 16:58:27 ]

    ===[  DNSBL Process  ]================================================

    [ ADs_yoyo ]		 Reload  . completed ..
      ------------------------------------------------
      Original Unique     # Dups     Alexa      Final
      ------------------------------------------------
      2395     2395       0          -          2395
      ------------------------------------------------

    [ ADs_hostfile ]	 Reload  . completed ..
      ------------------------------------------------
      Original Unique     # Dups     Alexa      Final
      ------------------------------------------------
      47769    47766      1194       -          46572
      ------------------------------------------------

    [ ADs_adaway ]		 Reload [ 06/06/16 16:58:30 ] . completed ..
      ------------------------------------------------
      Original Unique     # Dups     Alexa      Final
      ------------------------------------------------
      410      408        283        -          125
      ------------------------------------------------

    [ ADs_Cameleon ]	 Reload  . completed ..
      ------------------------------------------------
      Original Unique     # Dups     Alexa      Final
      ------------------------------------------------
      21195    21195      5956       -          15239
      ------------------------------------------------

    [ EasyListElements ]	 Reload [ 06/06/16 16:58:32 ] . completed ..
      ------------------------------------------------
      Original Unique     # Dups     Alexa      Final
      ------------------------------------------------
      5133     4925       1255       -          3670
      ------------------------------------------------
    IP count=23

    [ EasyListPrivacy ]	 Reload  . completed ..
      ------------------------------------------------
      Original Unique     # Dups     Alexa      Final
      ------------------------------------------------
      2571     2567       487        -          2080
      ------------------------------------------------
    IP count=14

    [ DNSBL_IP ]		 Updating aliastable [ 06/06/16 16:58:33 ]
    ------------------------------------------
    no changes.
    Total IP count = 37
    ------------------------------------------

    ------------------------------------------
    Assembling database... completed
    Validating database... completed [ 06/06/16 16:58:35 ]
    Reloading Unbound ... Not completed.
    DNSBL update [ 70081 ]... completed
    ------------------------------------------

    ===[  Continent Process  ]============================================

    [ pfB_Africa_v4 ]	 exists.
    [ pfB_Africa_v6 ]	 exists.
    [ pfB_Top_v4 ]		 exists.
    [ pfB_Top_v6 ]		 exists.

    ===[  Aliastables / Rules  ]==========================================

    No changes to Firewall rules, skipping Filter Reload
    No Changes to Aliases, Skipping pfctl Update

    ===[ FINAL Processing ]=====================================

       [ Original IP count   ]  [ 51324 ]

    ===[ Deny List IP Counts ]===========================

       51323 total
       37758 /var/db/pfblockerng/deny/pfB_Top_v4.txt
        8519 /var/db/pfblockerng/deny/pfB_Top_v6.txt
        4516 /var/db/pfblockerng/deny/pfB_Africa_v4.txt
         530 /var/db/pfblockerng/deny/pfB_Africa_v6.txt

    ===[ DNSBL Domain/IP Counts ] ===================================

       70118 total
       46572 /var/db/pfblockerng/dnsbl/ADs_hostfile.txt
       15239 /var/db/pfblockerng/dnsbl/ADs_Cameleon.txt
        3670 /var/db/pfblockerng/dnsbl/EasyListElements.txt
        2395 /var/db/pfblockerng/dnsbl/ADs_yoyo.txt
        2080 /var/db/pfblockerng/dnsbl/EasyListPrivacy.txt
         125 /var/db/pfblockerng/dnsbl/ADs_adaway.txt
          23 /var/db/pfblockerng/dnsbl/EasyListElements.ip
          14 /var/db/pfblockerng/dnsbl/EasyListPrivacy.ip

    ====================[ Last Updated List Summary ]==============

    Jun 5	03:00	pfB_Africa_v4
    Jun 5	03:00	pfB_Africa_v6
    Jun 5	03:00	pfB_Top_v4
    Jun 5	03:00	pfB_Top_v6

    IPv4 alias tables IP count
    -----------------------------
    42312

    IPv6 alias tables IP count
    -----------------------------
    9050

    Alias table IP Counts
    -----------------------------
       51360 total
       37758 /var/db/aliastables/pfB_Top_v4.txt
        8519 /var/db/aliastables/pfB_Top_v6.txt
        4516 /var/db/aliastables/pfB_Africa_v4.txt
         530 /var/db/aliastables/pfB_Africa_v6.txt
          37 /var/db/aliastables/pfB_DNSBLIP.txt

    pfSense Table Stats
    -------------------
    table-entries hard limit  2000000
    Table Usage Count         124453

     UPDATE PROCESS ENDED
XmickS:

I also found this in the pfblockerng.log:

    ...
    ...
    [ DNSBL_IP ]		 Updating aliastable
    ------------------------------------------
    no changes.
    Total IP count = 37
    ------------------------------------------

    ------------------------------------------
    Assembling database... completed
    Validating database... completed [ 06/06/16 17:00:03 ]
    Reloading Unbound ...error: SSL handshake failed
    34386119176:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-231/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    error: SSL handshake failed
    34386119176:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-231/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
    error: SSL handshake failed
    34386119176:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-231/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
     Not completed.
    DNSBL update [ 70081 ]... completed
    ------------------------------------------
    ...
    ...

The weird thing to me is that I see the alerts in the alerts tab, but the ads still show up on my screen.

If I need to post more info, let me know.
BBcan177 (Moderator):

@XmickS:

    Reloading Unbound ...error: SSL handshake failed
    34386119176:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-231/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185:
     Not completed.
    DNSBL update [ 70081 ]... completed

The weird thing to me is that I see the alerts in the alerts tab, but the ads still show up on my screen.

Hi XmickS,

If you are using the Resolver in "Forwarder" mode, make sure that the DNS servers you are using support DNSSEC… This looks like a Resolver settings issue to me...
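The two log excerpts above are the "DNSBL section" BBcan177 asks for, and the first post in this page shows the other symptom worth catching, "DNSBL update [ 0 ]". The parser below is an added example, not pfBlockerNG's code: it reads that section, pulls out each feed's Original/Unique/Dups/Final row and the outcome of the Unbound reload, and reports the empty-database and reload-failed cases so they can be spotted mechanically rather than by eye. The sample log is constructed from the posted excerpts (abridged to two feeds). Treating "Reloading Unbound" output that contains neither "error" nor "Not completed" as a successful reload is an assumption; the thread only shows the failing case.

```python
"""Parse the "DNSBL Process" section of a pfBlockerNG update log and flag an
empty database ("DNSBL update [ 0 ]") or an Unbound reload that did not
complete.  Added example, not pfBlockerNG's code; the layout follows the log
excerpts posted in the thread.  Assumption: reload output with neither "error"
nor "Not completed" in it means the reload succeeded."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample modelled on the posted excerpts (abridged to two feeds).
SAMPLE_LOG = """\
===[  DNSBL Process  ]================================================

[ ADs_yoyo ]\t\t Reload  . completed ..
  ------------------------------------------------
  Original Unique     # Dups     Alexa      Final
  ------------------------------------------------
  2395     2395       0          -          2395
  ------------------------------------------------

[ ADs_adaway ]\t\t Reload [ 06/06/16 16:58:30 ] . completed ..
  ------------------------------------------------
  Original Unique     # Dups     Alexa      Final
  ------------------------------------------------
  410      408        283        -          125
  ------------------------------------------------

[ DNSBL_IP ]\t\t Updating aliastable [ 06/06/16 16:58:33 ]
Total IP count = 37
Assembling database... completed
Validating database... completed [ 06/06/16 16:58:35 ]
Reloading Unbound ...error: SSL handshake failed
 Not completed.
DNSBL update [ 70081 ]... completed

===[  Continent Process  ]============================================
"""

FEED_RE = re.compile(r"^\[ (?P<name>[^\]]+?) \]\s+Reload")
STATS_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$")
TOTAL_RE = re.compile(r"DNSBL update \[ (\d+) \]")


@dataclass
class FeedStats:
    name: str
    original: int
    unique: int
    dups: int          # entries an earlier feed already supplied (see findings)
    alexa: int | None  # "-" in the log when no Alexa whitelist is applied
    final: int


@dataclass
class DnsblReport:
    feeds: list[FeedStats] = field(default_factory=list)
    total: int | None = None      # N in "DNSBL update [ N ]"
    unbound_reloaded: bool = False
    unbound_error: str = ""


def parse_dnsbl_section(text: str) -> DnsblReport:
    report, in_section, current = DnsblReport(), False, None
    reload_lines: list[str] = []   # text after "Reloading Unbound", possibly several lines
    collecting = False
    for line in text.splitlines():
        if line.startswith("===["):                       # section banner
            in_section = "DNSBL Process" in line
            continue
        if not in_section:
            continue
        if m := TOTAL_RE.search(line):
            report.total, collecting = int(m.group(1)), False   # reload output ends here
        elif line.startswith("Reloading Unbound"):
            reload_lines.append(line[len("Reloading Unbound"):])
            collecting = True
        elif collecting:                                   # multi-line OpenSSL error text
            reload_lines.append(line)
        elif m := FEED_RE.match(line):
            current = m.group("name")
        elif (m := STATS_RE.match(line)) and current:      # numeric row under the header
            o, u, d, a, f = m.groups()
            report.feeds.append(FeedStats(current, int(o), int(u), int(d),
                                          int(a) if a.isdigit() else None, int(f)))
            current = None
    blob = "\n".join(reload_lines)
    report.unbound_reloaded = bool(reload_lines) and "error" not in blob and "Not completed" not in blob
    report.unbound_error = next((ln.strip(" .") for ln in reload_lines if "error" in ln), "")
    return report


def findings(report: DnsblReport) -> list[str]:
    """Problems in the order a troubleshooter would check them."""
    issues: list[str] = []
    if report.total == 0:
        issues.append("DNSBL database is empty (DNSBL update [ 0 ]): no feed contributed a domain")
    for f in report.feeds:
        if f.final == 0:
            issues.append(f"feed {f.name} contributed 0 domains after deduplication")
        # In the posted log every row has Unique - Dups == Final when Alexa is "-",
        # and the first feed has 0 dups: Dups counts cross-feed duplicates.
        if f.alexa is None and f.unique - f.dups != f.final:
            issues.append(f"feed {f.name}: Unique - Dups = {f.unique - f.dups} but Final = {f.final}")
    if not report.unbound_reloaded:
        msg = "Unbound reload did not complete; the assembled DNSBL data is not necessarily live"
        issues.append(msg + (f" ({report.unbound_error})" if report.unbound_error else ""))
    return issues
```

Run over the section XmickS pasted, `findings()` returns a single line: the reload did not complete, with the "SSL handshake failed" text attached, which is the reason alerts can be logged while the freshly built list is not what Unbound is serving. The Unique - Dups == Final check is only a consistency test on the table; it holds for every row in the posted log.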
BBcan177 (Moderator):

@Qinn:

But when using the "Forwarding mode" am I not losing DNSBL and so a lot of "power" of your ad blocker? In your professional opinion, am I now penny wise and pound foolish?

DNSBL has nothing to do with either "Forwarder" or "Resolver" mode in Unbound… It's a preference... But best to use "Resolver" mode, as you are using the Root DNS Servers for the DNS requests...

Here is a good primer about the DNS Resolver (Unbound): https://calomel.org/unbound_dns.html
XmickS:

@BBcan177:

If you are using the Resolver in "Forwarder" mode, make sure that the DNS servers you are using support DNSSEC… This looks like a Resolver settings issue to me...

Hi BBcan177,

I had Unbound in forwarder mode. When I go to a domain which is in one of the DNSBL feeds I get the 1x1 message, so that tells me that there is something being blocked. When I open, for example, yahoo.com, I can see all the boxes where the ads come in, just not the contents of them. I'm not sure if on my previous pfSense box the whole ad was being blocked, like my ad blocker does.

Is pfBlocker capable of blocking this whole ad thing, or is it something I didn't remember correctly?

Thanks for the help!
BBcan177 (Moderator):

@XmickS:

When I open, for example, yahoo.com, I can see all the boxes where the ads come in, just not the contents of them. I'm not sure if on my previous pfSense box the whole ad was being blocked, like my ad blocker does.

Yahoo is doing something dirty with ads on that page… It's actually an image… So it can't be blocked by DNSBL, since it's not doing a DNS resolution to an ad server... Right-click on the ad, then click "Inspect"... You will see that it's actually an image.... I haven't seen this elsewhere except for Yahoo...

Some info about browser add-ons:
https://twitter.com/x0rz/status/739807696568918016
XmickS:

@BBcan177:

Yahoo is doing something dirty with ads on that page… It's actually an image… So it can't be blocked by DNSBL, since it's not doing a DNS resolution to an ad server...

All right… I think I see the same thing on aol.com. They just find another way to serve you ads. But with an ad blocker in my browser and DNSBL blocking ads on mobile devices, I haven't seen them yet. So that's a good thing! Gonna donate right now. Thanks for making browsing a lot cleaner! ;D

Just one thing I can't get done. That's blocking those annoying ads on YouTube. Is that possible with DNSBL? I use the EasyLists, Cameleon, adaway, yoyo and hostfile. I haven't configured IP blocklists yet.
Qinn:

Does pfBlockerNG 2.0.4 need the localhost (127.0.0.1)? In the general setup of pfSense there is the "Disable DNS Forwarder" option; checking it, and so disabling it, removes 127.0.0.1 from the ISP DNS servers on the WAN in Status -> Interfaces.

(Do not use the DNS Forwarder as a DNS server for the firewall: By default localhost (127.0.0.1) will be used as the first DNS server where the DNS Forwarder or DNS Resolver is enabled and set to listen on Localhost, so the system can use the local DNS service to perform lookups. Checking this box omits localhost from the list of DNS servers.)
BBcan177 (Moderator):

@Qinn:

Does pfBlockerNG 2.0.4 need the localhost (127.0.0.1)? In the general setup of pfSense there is the "Disable DNS Forwarder" option; checking it, and so disabling it, removes 127.0.0.1 from the ISP DNS servers on the WAN in Status -> Interfaces.

If you are using the Resolver in "Resolver mode"… then best to leave that option unchecked... This way, all requests go to the localhost for DNS resolution.
BBcan177 (Moderator):

@XmickS:

All right… I think I see the same thing on aol.com. They just find another way to serve you ads.

Yahoo! in another recent malvertising campaign…

https://blog.malwarebytes.org/cybercrime/exploits/2016/06/neutrino-exploit-kit-fills-in-for-angler-ek-in-recent-malvertising-campaigns/
Deadpool:

@XmickS:

Just one thing I can't get done. That's blocking those annoying ads on YouTube. Is that possible with DNSBL? I use the EasyLists, Cameleon, adaway, yoyo and hostfile. I haven't configured IP blocklists yet.

Same here, haven't found a way yet.
Has somebody tried the blocking lists from, for example, the Adblock Plus add-on for Firefox/Chrome?
Would that work?
SanderX:

@BBcan177:

If users find other feeds, please post back so that others may benefit also.

Just found this fairly new (March 2016) blocklist; it looks interesting and I can confirm it works with pfBlocker: https://ransomwaretracker.abuse.ch/blocklist/
Hugovsky:

@SanderX:

Just found this fairly new (March 2016) blocklist; it looks interesting and I can confirm it works with pfBlocker: https://ransomwaretracker.abuse.ch/blocklist/

Can't seem to find a download link. Are they commercial?
BBcan177 (Moderator):

@Hugovsky:

Can't seem to find a download link. Are they commercial?

Add the following to DNSBL:

https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt

In case you don't have this in IPv4 (PRI1):
https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
khanman:

@BBcan177:

Add the following to DNSBL:

https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt

So DNSBL will accept a list containing a full URL (http://malware.example.com/path/to/badfile.exe)? I wasn't aware of that and only added DOMBL.txt as a feed in DNSBL and IPBL.txt (as an IPv4 list).
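khanman's question (does DNSBL accept full URLs?) and Deadpool's earlier one (would Adblock Plus lists work?) both come down to what a domain-list loader has to do with each input line before the feed can become DNS data; the log posted above already shows hosts-file feeds and EasyList feeds being reduced to Original/Unique/Dups/Final counts. The code below is an added example, not pfBlockerNG's or abuse.ch's code, and makes no claim to match pfBlockerNG's parser. It normalises the four syntaxes named in this thread (hosts-file lines, bare domains, full URLs as in RW_URLBL.txt, Adblock Plus rules as in EasyList) into one domain set and one bare-IP set, keeps the same per-feed bookkeeping, and renders the result as Unbound local-zone entries. Assumptions: the constructed sample feeds, the sinkhole address 10.10.10.1, and that Adblock exception (`@@`) and element-hiding (`##`) rules are skipped, since a DNS answer cannot express them.

```python
"""Normalise mixed blocklist syntaxes into domains and IPs, with the
Original/Unique/Dups/Final bookkeeping the pfBlockerNG log prints, then emit
Unbound local-zone entries.  Added example, not pfBlockerNG's code.
Assumptions: the feed syntaxes handled in extract(), sinkhole 10.10.10.1, and
that Adblock Plus exception (@@) / element-hiding (##) rules are skipped."""
from __future__ import annotations

import ipaddress
import re
from urllib.parse import urlsplit

DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}$")
# Names a hosts file maps to loopback that must never reach the blocklist.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
               "ip6-allnodes", "ip6-allrouters"}

# Constructed sample feeds, one per syntax; not copied from any real list.
SAMPLE_FEEDS = {
    "hosts_style": ("# AdAway-style hosts file\n"
                    "127.0.0.1 localhost\n"
                    "0.0.0.0 ads.example.com\n"
                    "0.0.0.0 Tracker.Example.org   # trailing comment\n"
                    "127.0.0.1 ads.example.com\n"),
    "domain_list": "# bare domains (RW_DOMBL-style)\ntracker.example.org\ncdn.example.net\n",
    "url_list": ("# full URLs (RW_URLBL-style)\n"
                 "http://malware.example.com/path/to/badfile.exe\n"
                 "https://cdn.example.net:8443/payload.bin\n"
                 "http://192.0.2.10/drop.php\n"),
    "adblock": ("! Adblock Plus rules (EasyList-style)\n"
                "||ads.example.com^\n"
                "||banner.example.com^$third-party\n"
                "example.com##.ad-box\n"
                "@@||good.example.com^\n"),
}


def is_ip(s: str) -> bool:
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def classify(host: str) -> tuple[str, str] | None:
    """("domain", name) or ("ip", addr) for a blockable token, else None."""
    host = host.strip().lower().rstrip(".")
    if not host or host in LOCAL_NAMES:
        return None
    if is_ip(host):
        return ("ip", host)
    return ("domain", host) if DOMAIN_RE.match(host) else None


def extract(line: str) -> list[tuple[str, str]]:
    """Blockable entries on one feed line, whatever its syntax."""
    raw = line.strip()
    if not raw or raw[0] in "#!":                 # comment (hosts or ABP syntax)
        return []
    if raw.startswith("@@") or "##" in raw:       # ABP exception / cosmetic rule
        return []
    if raw.startswith("||"):                      # ABP "||host^[$options]"
        # $options such as third-party are dropped: a DNS block is all-or-nothing
        entry = classify(re.split(r"[\^/$|]", raw[2:], maxsplit=1)[0])
        return [entry] if entry else []
    if "://" in raw:                              # full URL: keep only the host
        host = urlsplit(raw).hostname
        entry = classify(host) if host else None
        return [entry] if entry else []
    parts = raw.split("#", 1)[0].split()          # hosts line or bare domain
    names = parts[1:] if len(parts) > 1 and is_ip(parts[0]) else parts[:1]
    return [e for e in map(classify, names) if e]


def load_feeds(feeds: dict[str, str]) -> tuple[dict[str, dict[str, int]], set[str], set[str]]:
    """Process feeds in order; "dups" are domains an earlier feed already
    supplied, so "final" is each feed's net contribution, as in the log."""
    seen_domains: set[str] = set()
    seen_ips: set[str] = set()
    stats: dict[str, dict[str, int]] = {}
    for name, text in feeds.items():
        entries = [e for line in text.splitlines() for e in extract(line)]
        domains = [h for kind, h in entries if kind == "domain"]
        ips = {h for kind, h in entries if kind == "ip"}   # go to the IP alias, not DNS
        unique = set(domains)
        final = unique - seen_domains
        stats[name] = {"original": len(domains), "unique": len(unique),
                       "dups": len(unique & seen_domains), "final": len(final),
                       "ip_count": len(ips)}
        seen_domains |= final
        seen_ips |= ips
    return stats, seen_domains, seen_ips


def unbound_local_zones(domains, sinkhole_ip: str) -> str:
    """Unbound config answering each domain and all its subdomains with the
    sinkhole: "redirect" covers subdomains, "local-data" supplies the A record."""
    lines = []
    for d in sorted(domains):
        lines.append(f'local-zone: "{d}" redirect')
        lines.append(f'local-data: "{d} A {sinkhole_ip}"')
    return "\n".join(lines) + "\n"
```

Two points the thread raises fall out of this directly: a URL feed is usable because only the host part of each URL is kept (so the path-specific intent of RW_URLBL is widened to the whole host), and Adblock Plus lists are only partly usable, since `||host^` rules map to a domain block while `$third-party` qualifiers, `@@` exceptions and `##` cosmetic rules have no DNS equivalent. Bare IP entries are kept apart, matching the separate "IP count" lines in the log.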
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.