• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Whitelist doesn't stay whitelisted

Scheduled Pinned Locked Moved pfBlockerNG
9 Posts 4 Posters 1.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    Apathia
    last edited by Jan 7, 2017, 4:30 AM

    With PFblockerNG activated, twitch.tv streams don't start. What I did to whitelist it, was go into the ipv4 section, Added a new list, kept pretty much everthing default except the names and List Action is set to permit both, then added twitch.tv to the IPv4 Custom list. I then saved it and updated PFblockerNG and twitch.tv streams work, until a while later when they stop working again.

    Am I doing something wrong?

    1 Reply Last reply Reply Quote 0
    • R
      RonpfS
      last edited by Jan 7, 2017, 5:13 AM Jan 7, 2017, 5:09 AM

      So what is blocked ?
      The IP of twitch.tv or the Domain name "twitch.tv" ?

      In the pfblockerNG Alerts tab you can see what is blocked :
      IP are blocked under Deny - Last xxx Alert Entries
      while Domains are blocked under DNSBL - Last xx Alert Entries

      If there is a "+" icon, you can suppress it from the Alert tabs.
      Remember to click on the InfoBlock icon on any pfBlockerNG page to get additional information about configuration/usage.

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

      1 Reply Last reply Reply Quote 0
      • A
        Apathia
        last edited by Jan 7, 2017, 8:56 AM

        Turns out it's the IP for the twitch video which uses a separate domain (video-edge-4995f0.iad02.hls.ttvnw.net is the whole url), and I've already added ttvnw.net to the whitelist, but it's still being blocked after a while.

        Does this mean I have to whitelist the entire 192.16.64.0/21 IP range that's being blocked?

        1 Reply Last reply Reply Quote 0
        • R
          RonpfS
          last edited by Jan 7, 2017, 9:32 AM

          Maybe you could use the ASN AS46489 of Twitch TV to create a pass alias.

          https://www.ultratools.com/tools/asnInfoResult?domainName=192.16.70.22

          2.4.5-RELEASE-p1 (amd64)
          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          1 Reply Last reply Reply Quote 0
          • A
            Apathia
            last edited by Jan 7, 2017, 3:12 PM Jan 7, 2017, 9:51 AM

            That unfortunately didn't work, but just to make sure I'm doing it correctly, I use "AS46489" instead of "twitch.tv" in the IPv4 Custom list section?

            Whitelisting the entire IP range does work though, but I don't think it's a good idea to keep it like that is it?

            screencapture-10-10-10-1-pkg_edit-php-1483801839850.png
            screencapture-10-10-10-1-pkg_edit-php-1483801839850.png_thumb

            1 Reply Last reply Reply Quote 0
            • C
              chrcoluk
              last edited by Jan 7, 2017, 4:54 PM

              what list blocked twitch?

              pfSense CE 2.7.2

              1 Reply Last reply Reply Quote 0
              • A
                Apathia
                last edited by Jan 7, 2017, 5:28 PM

                http://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=gz

                Not sure which guide I used to add it. There was a script that added 3 levels plus 12 individual groups. This was in the Ads section.

                Edit: https://forum.pfsense.org/index.php?topic=118424.0

                1 Reply Last reply Reply Quote 0
                • R
                  RonpfS
                  last edited by Jan 7, 2017, 6:45 PM

                  Iblocklist are to be avoided, most are stale, looking at http://iplists.firehol.org/?ipset=iblocklist_ads it has not been updated since Sept 2015.

                  Under IPv4 Source Definitions :
                   Click here for Guidelines –->
                  You will see

                  Whois:    Domain name or AS (ie: facebook.com or AS32934)

                  2.4.5-RELEASE-p1 (amd64)
                  Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                  Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                  1 Reply Last reply Reply Quote 0
                  • P
                    pfsensory
                    last edited by Jan 8, 2017, 5:00 PM

                    Any suggestions as to which lists would be better to use?

                    1 Reply Last reply Reply Quote 0
                    9 out of 9
                    • First post
                      9/9
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received