PfBlockerNG v2.1 w/TLD
-
I am getting this error when I try to use the Spamhaus list in this thread.
===[ DNSBL Process ]================================================
[ EasywoElements ] exists.
[ SpamHouse_TLDS ] Downloading update .. 200 OK
Remote timestamp missing .
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
3 3 0 0 0 3
----------------------------------------------------------------------
[ DNSBL FAIL ] [ Skipping : SpamHouse_TLDS ]
[1470071701] unbound-checkconf[87654:0] error: error parsing local-data at 38 '(xmlhttp.readystate 60 IN A 10.10.10.1': Syntax error, could not parse the RR
[1470071701] unbound-checkconf[87654:0] error: Bad local-data RR (xmlhttp.readystate 60 IN A 10.10.10.1
[1470071701] unbound-checkconf[87654:0] fatal error: failed local-zone, local-data configuration
[ Malware_1month ] Downloading update [ 08/01/16 12:15:01 ] .. 200 OK
Remote timestamp missing .
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
1221 956 0 0 0 956
----------------------------------------------------------------------
[ Malware_1week ] Downloading update [ 08/01/16 12:15:04 ] .. 200 OK
Remote timestamp missing .
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
526 487 487 0 0 0
----------------------------------------------------------------------
[ Malware_1day ] Downloading update [ 08/01/16 12:15:05 ] .. 200 OK
Remote timestamp missing .
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
48 47 47 0 0 0
----------------------------------------------------------------------
[ Malware_1hour ] Downloading update .. 200 OK
Remote timestamp missing
No Domains Found
----------------------------------------
Assembling database... completed
Executing TLD
TLD analysis. completed
Finalizing TLD... completed
Original Matches Removed Final
6062 5530 1 6061
Validating database... completed [ 08/01/16 12:15:08 ]
Reloading Unbound.... completed
DNSBL update [ 6061 | PASSED ]... completed
-
Which Spamhaus URL are you using?
This https://www.spamhaus.org/statistics/tlds/ is just a web page, not a feed DNSBL can use. As for the H3X, only one is needed:
https://forum.pfsense.org/index.php?topic=115357.msg643896#msg643896
And do a Force Reload after making the modifications.
-
Which Spamhaus URL are you using?
This https://www.spamhaus.org/statistics/tlds/ is just a web page, not a feed DNSBL can use. As for the H3X, only one is needed:
https://forum.pfsense.org/index.php?topic=115357.msg643896#msg643896
And do a Force Reload after making the modifications.
Thank you.
I see my mistake now.
I was certain I had 2 feeds that contained data, but I must have misplaced it?
-
Read the first posts (or more ;)) of each of these threads:
pfBlockerNG
pfBlockerNG v2.0 w/DNSBL
pfBlockerNG v2.1 w/TLD
You will find some posts about IP and DNSBL Feed.
-
First of all, thank you very much for your hard work and this awesome package!
I was just wondering, is it possible to somehow change the Rule Order setting to something like:
pfB_Pass/Match | pfB_Block/Reject | All other Rules | (original format)
so the first IP list would be the whitelist?
Right now I can't seem to figure out how to make the custom LAN IPv4 whitelist (Permit_Outbound) rule the first in the rule list of the LAN interface. If I manually move it first, the next list update puts it below the blocklists (Deny_Outbound) again. Right now only the default setting | pfB_Block/Reject | All other Rules | (Original format) is partly usable for me (the whitelist won't work), and all other rule order settings just mess up my original LAN rules.
I use Traffic Shaper queues in the floating rules, so I prefer not to move pfBlockerNG's rules in there too.
Is this somehow possible, or what am I missing? Thanks.
-
Which version are you using?
with pfBlockerNG 2.1.1_2 I have these choices.
And you can still use the Floating Rules, it won't affect the Traffic Shaper rules.
-
Which Spamhaus URL are you using?
This https://www.spamhaus.org/statistics/tlds/ is just a web page, not a feed DNSBL can use. As for the H3X, only one is needed:
https://forum.pfsense.org/index.php?topic=115357.msg643896#msg643896
And do a Force Reload after making the modifications.
Thank you.
I see my mistake now.
I was certain I had 2 feeds that contained data, but I must have misplaced it?
The https://www.spamhaus.org/statistics/tlds/ page can be useful to find TLDs to put in the TLD Blacklist.
-
There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:00
There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:11
There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:20
Check what is selected in this tab, as I had a similar problem and found that since the update the inverse of what I had previously selected had been selected, causing over 1.5M IPs for this section and using up all the available memory.
Rob
-
When I try to add a new TLD Blacklist i.e. "Google.com", I get the following error:
Clearing all DNSBL Feeds... completed
Executing TLD
Blocking full TLD/Sub-Domain(s)... |google.com| completed
TLD analysis completed
Finalizing TLD... head: 1: No such file or directory
tail: 1: No such file or directory
completed
Original Matches Removed Final
0 0 -1 1
Validating database... completed
DNSBL enabled FAIL - restoring Unbound conf
/var/unbound/pfb_dnsbl.conf:1: error: unknown keyword '.google.com'
/var/unbound/pfb_dnsbl.conf:1: error: unknown keyword '60'
read /var/unbound/unbound.tmp failed: 2 errors in configuration file
Any ideas why DNSBL is failing to add the TLD blacklist entries?
Thanks.
-
Do you have any DNSBL feeds defined and enabled?
I did put Google.com in the DNSBL TLD Blacklist, ran a Force Reload and things look ok.
This is the part of the pfBlockerNG log after the last DNSBL feed:
[ BBC_C2 ] Reload [ 08/08/16 15:25:16 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
332 332 331 0 0 1
----------------------------------------------------------------------
[ DNSBL_IP ] Updating aliastable [ 08/08/16 15:25:22 ]... no changes.
Total IP count = 280
------------------------------------------
Assembling database... completed
Executing TLD
Blocking full TLD/Sub-Domain(s)... |google.com| completed
TLD analysis...xxxxxxxxxxx completed
** TLD Domain count exceeded. [ 250000 ] All subsequent Domains listed as-is **
Finalizing TLD... completed
----------------------------------------
Original Matches Removed Final
----------------------------------------
1323464 87716 169286 1154178
-----------------------------------------
Validating database... completed [ 08/08/16 15:31:20 ]
Reloading Unbound.... completed
DNSBL update [ 1154178 | PASSED ]... completed [ 08/08/16 15:32:02 ]
------------------------------------------
===[ Continent Process ]============================================
-
Do you have any DNSBL feeds defined and enabled?
I did put Google.com in the DNSBL TLD Blacklist, ran a Force Reload and things look ok.
No, I only want to block a couple of domains and not use any DNSBL lists.
Must I have a DNSBL list for TLD to work?
-
Do you have any DNSBL feeds defined and enabled?
I did put Google.com in the DNSBL TLD Blacklist, ran a Force Reload and things look ok.
No, I only want to block a couple of domains and not use any DNSBL lists.
I solved the issue by creating a dummy feed, then inside the feed adding the "Custom Block List"; this seems to allow the domains to be blocked.
Is this the expected behaviour?
Well, maybe nobody tested a setup without any DNSBL feed. Using a Custom Block List does create a feed and seems to remove the issue.
-
Well, maybe nobody tested a setup without any DNSBL feed. Using a Custom Block List does create a feed and seems to remove the issue.
BBCan177 got back to me even though he was on vacation (thanks!).
Basically, create a dummy DNSBL feed and, in the bottom section called Custom Domains, add the subdomains there. This will block the domains correctly.
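Both Unbound failures in this thread come from malformed lines in the generated config: the Spamhaus URL discussed earlier is an HTML page, so a JavaScript fragment ('(xmlhttp.readystate') became a local-data name, and in the TLD-only setup the errors show line 1 of pfb_dnsbl.conf beginning with '.google.com 60' rather than a keyword. The following is an added example, not pfBlockerNG's own code, showing how feed and TLD entries can be validated before such a config is written; the local-zone/local-data layout, the 60 s TTL and the 10.10.10.1 sinkhole address are assumptions:

```python
# Added example, not pfBlockerNG's own code: validate DNSBL feed lines before
# they become Unbound local-data (a web page fetched as a feed is how
# '(xmlhttp.readystate' reached unbound-checkconf) and write TLD Blacklist
# entries with an explicit keyword. Conf layout and the 60s TTL are assumptions.
import re

# One or more RFC 1123 labels: letters/digits/hyphens, 1-63 chars each.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")

def normalize(line):
    """Strip comments, hosts-file prefixes and trailing dots; '' means skip."""
    line = line.split("#", 1)[0].strip().lower()
    parts = line.split()
    if not parts:
        return ""
    # hosts-style feeds list '0.0.0.0 domain' or '127.0.0.1 domain' per line
    if len(parts) == 2 and parts[0] in ("0.0.0.0", "127.0.0.1"):
        return parts[1].rstrip(".")
    return parts[0].rstrip(".") if len(parts) == 1 else line

def build_unbound_conf(feed_lines, tld_entries, sinkhole="10.10.10.1"):
    """Return (conf_lines, rejected) for Unbound local-zone/local-data."""
    conf, rejected, seen = [], [], set()
    for raw in feed_lines:
        name = normalize(raw)
        if not name:
            continue
        if not _DOMAIN.match(name):
            rejected.append(raw.strip())  # would make unbound-checkconf fail
        elif name not in seen:
            seen.add(name)
            conf.append(f'local-data: "{name} 60 IN A {sinkhole}"')
    for tld in tld_entries:
        name = tld.strip().lower().strip(".")
        if not _DOMAIN.match(name):
            rejected.append(tld.strip())
            continue
        # 'local-zone: ... redirect' sends every name under the domain to the sinkhole
        conf.append(f'local-zone: "{name}." redirect')
        conf.append(f'local-data: "{name}. 60 IN A {sinkhole}"')
    return conf, rejected
# Constructed sample feed: a comment, a duplicate in hosts-file style, and a
# JavaScript fragment scraped from an HTML page instead of a real feed.
SAMPLE_FEED = ["# constructed feed", "ads.example.test", "0.0.0.0 ads.example.test",
               "malware.example.test.", "(xmlhttp.readystate"]

if __name__ == "__main__":
    lines, bad = build_unbound_conf(SAMPLE_FEED, ["google.com"])
    print("\n".join(lines), "\nrejected:", bad)
```

Rejected lines are the ones to inspect by hand; a feed that yields many of them is usually not a plain-text feed at all.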
-
Hello BBcan177 and pfsense users,
Great work on pfBlockerNG. I have one question. I have the DNSBL listening port set to 8081, and when I type 10.10.10.1:8081 I get the gif image. Now when I try the DNSBL SSL listening port 8443, 10.10.10.1:8443, I get "the connection was reset". So it doesn't work.
I have been doing some reading on why I was getting the "googleads.g.doubleclick.net" and in one post someone talked about limiters causing problems. I don't have any limiters set up. I think it's because DNSBL SSL isn't working.
Anyone have an idea why DNSBL SSL isn't working for me?
Thanks
-
http://10.10.10.1:8443 returns a gif.
It should be https://10.10.10.1:443, but that doesn't return and doesn't log to dnsbl.log either.
-
I tried https://10.10.10.1:443 and it returned a gif so that works. Anyone else have the google ads certificate popup? I get the popup in Safari and in Firefox I see the error message where the ads used to be.
It would be nice to have just empty space without the error.
Thanks Ronpfs for your reply.
-
You have the URL that generate the errors so I can reproduce here?
-
I have been surfing the web to find one. Just because I'm trying, I am having a hard time.
This site did it once on my desktop but didn't do it on my phone.
https://www.instantssl.com/ssl-certificate-products/https.html
-
Check what is selected in this tab, as I had a similar problem and found that since the update the inverse of what I had previously selected had been selected, causing over 1.5M IPs for this section and using up all the available memory.
Rob
Hi Rob,
The memory issue will be fixed with v2.1.1_3, however, you don't want to reverse the "Registered" vs the "Represented" entries. Please refer to the link in the GeoIP tabs "Whats new in GeoIP2" to help you understand the difference between those two types.