Netgate Discussion Forum
    Small Typo on Firewall / pfBlockerNG / DNSBL (Need help to clarify)

    • guardian Rebel Alliance

      There is a small typo on the page:

      Firewall / pfBlockerNG / DNSBL

      In the section:
      DNSBL Configuration

      The entry:
      DNSBL Virtual IP

      Example ( 10.10.10.1 )
      Enter a  single IPv4 VIP address  that is RFC1918 Compliant.

      This address should be in an Isolated Range than what is used in your Network.
      Rejected DNS Requests will be forwarded to this VIP (Virtual IP)
      RFC1918 Compliant - (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)

      and I'm not sure how to read this.

      Should this read

      This address should be in an Isolated Range other than what is used in your Network.

      So if I have interfaces in the 192.168.x.0/24 range and a VPN that comes up somewhere in 10.x.x.x (changes and not under my control).

      Do I need to pick something like 172.16.1.1 or is 192.168.111.1 OK (I'm not using this 192.168.111.0/24) or does it matter?
      Will any single unused RFC1918 IP do the job?

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

      • BBcan177 Moderator

        Thanks will fix that in the next release to make it clearer… But yes, DNSBL VIP needs to be in an unused Network range.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • guardian Rebel Alliance

          Thanks for the reply BBcan177.  How about something like this:

          This can be any RFC1918 address not used anywhere in your Network.
          Rejected DNS Requests will be forwarded to this VIP (Virtual IP)
          RFC1918 Compliant - (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)

          Is this accurate?

          If I understand correctly, all that is needed is a single unused address.  It doesn't matter what address / what range, as long as it doesn't get used for anything.

          Does pfBlockerNG use this address for anything, or is it just a dead address that won't deliver any content?

          • BBcan177 Moderator

            Yes it needs to be in an unused network range, and is used to host the DNSBL Webserver…

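
An added example, not part of the thread and not pfBlockerNG's own code: a Python check of the rule the thread settles on, that the DNSBL VIP is a single RFC1918 address outside every network range in use. The function names and sample networks are assumptions; because the VPN range in the question is unpredictable, the sample treats all of 10.0.0.0/8 as in use.

```python
import ipaddress

# RFC1918 ranges, as listed in the DNSBL Virtual IP help text.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_dnsbl_vip(candidate, used_networks):
    """Return (ok, reason) for a candidate DNSBL VIP (hypothetical helper).

    used_networks: CIDR strings for every range in use on the firewall
    (LAN/VLAN interfaces, VPN tunnels, static routes).
    """
    try:
        vip = ipaddress.IPv4Address(candidate)
    except ipaddress.AddressValueError:
        return False, "not a single IPv4 address"
    if not any(vip in net for net in RFC1918):
        return False, "not RFC1918"
    for cidr in used_networks:
        net = ipaddress.ip_network(cidr, strict=False)
        if vip in net:
            return False, f"inside in-use network {net}"
    return True, "unused RFC1918 address"


def free_slash24s(used_networks, limit=3):
    """First few RFC1918 /24s that overlap none of the used networks."""
    used = [ipaddress.ip_network(c, strict=False) for c in used_networks]
    found = []
    for block in RFC1918:
        for sub in block.subnets(new_prefix=24):
            if not any(sub.overlaps(u) for u in used):
                found.append(sub)
                if len(found) == limit:
                    return found
    return found


if __name__ == "__main__":
    # Constructed sample: two 192.168.x.0/24 interfaces plus a VPN that
    # can land anywhere in 10.x.x.x, so the whole /8 is marked as used.
    used = ["192.168.1.0/24", "192.168.20.0/24", "10.0.0.0/8"]
    for vip in ("192.168.111.1", "172.16.1.1", "10.10.10.1", "192.168.1.50"):
        print(vip, check_dnsbl_vip(vip, used))
    print("free /24s:", [str(n) for n in free_slash24s(used)])
```
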
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.