Possible bugs in DNSBL

mir

Hi all,

After some extensive fiddling with DNSBL I might have discovered two bugs.

Pfsense: 2.3.2-RELEASE-p1 (amd64)
pfBlockerNG: 2.1.1_6
Multiple internal networks.

First issue: If you have activated DNSBL and later uninstall pfBlockerNG you need to reboot pfsense before installing pfBlockerNG and activating DNSBL again. Otherwise the firewall rules will not be created for DNSBL when DNSBL is activated. So it seems the uninstall process does not clean everything out.

Second issue: On my interface hosting WIFI traffic I have limiters configured to restrict total bandwidth. Works as expected when DNSBL is not activated but when DNSBL is activated traffic is blocked to the DNSBL Virtual IP causing http traffic to hang. Tested in Safari, Google Chrome, and Firefox on IOS, Android, Windows, Linux, and FreeBSD.

Forgot to mention: Followed this guide -> https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943

BBcan177

1. Did you run a "Force Update" after re-installing the page?

2. I don't have any experience with Limiters… Best to post in the Traffic Shaping forum for help with that... Did you try to enable the "Allow DNSBL" checkbox option in the DNSBL tab?

mir

@BBcan177:

1. Did you run a "Force Update" after re-installing the page?

Yes, did that. Did not have any effect.

@BBcan177:

2. I don't have any experience with Limiters… Best to post in the Traffic Shaping forum for help with that... Did you try to enable the "Allow DNSBL" checkbox option in the DNSBL tab?

I don't have such a checkbox?

mir

@BBcan177:

2. I don't have any experience with Limiters… Best to post in the Traffic Shaping forum for help with that... Did you try to enable the "Allow DNSBL" checkbox option in the DNSBL tab?

I have created a thread here: https://forum.pfsense.org/index.php?topic=124952.0

mir

According to doktornoter in the other thread you should have a beta version which  uses 0.0.0.0 blackhole instead of NAT to the virtual IP. Is this available in some way?

BBcan177

@mir:

According to doktornoter in the other thread you should have a beta version which  uses 0.0.0.0 blackhole instead of NAT to the virtual IP. Is this available in some way?

See here:

https://forum.pfsense.org/index.php?topic=124945.0

mir

@BBcan177:

See here:

https://forum.pfsense.org/index.php?topic=124945.0

In my version of the file the line number is different and I also see several lines with identical content. I will wait for an official release. But thank you anyway.