Netgate Discussion Forum

    Privacy-Filter

    • Xentrk

      This is to block sites that collect information about you, and is for blocking telemetry and some Android rootkits along with Shodan.io scanners.  Original script source: https://github.com/RMerl/asuswrt-merlin/wiki/Ipset-script-installation-instructions#privacy-filter

      To make this work on pfSense, create a DNSBL feed called Privacy-Filter and add the following under Custom Block List.  List Action is Unbound.


      pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
      Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

      • doktornotor Banned

        Note that using the above list WILL break Windows Update.

        • Xentrk

          Thanks for the feedback. I just checked and see that updates for my Windows 10 laptop have not been impacted by using this list. Just to be safe, I'll check with other users of the list and the author of the list on snbforums dot com to see if anyone else has had an issue and report back.

          EDIT: After I posted the above, I saw I had some updates that were not successful from about two months ago.  I ran the updates and they worked.  I did confirm with the author that the IP addresses listed will not prevent Windows Update from working:

          https://www.snbforums.com/threads/privacy-filter-another-ipset-script.36801/page-18#post-321702

          However, everyone's setup is different. I have the privacy-filter in use at several sites and have not seen any issues to date. I'll double check to be safe though, as I was not really watching out for issues with Windows Update.


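An added example (not part of the original posts): a small Python audit that checks a DNSBL custom block list against hostnames that must keep resolving, which is the Windows Update concern raised in this thread. The block list excerpt, the required-host list and the name `cdn.msedge.net` are constructed for illustration; whether an entry also covers its subdomains depends on how the DNSBL is configured and is modelled here by the `wildcard` flag as an assumption.

```python
def normalize(name):
    """Strip comments/whitespace, lower-case, drop a trailing dot."""
    return name.split("#", 1)[0].strip().lower().rstrip(".")

def parse_blocklist(text):
    """Return the set of domains in a one-per-line custom block list."""
    return {d for d in map(normalize, text.splitlines()) if d}

def blocking_entry(host, blocked, wildcard=True):
    """Return the block-list entry that covers `host`, or None.

    wildcard=True treats an entry as also covering its subdomains. That is
    an assumption: check how your DNSBL is configured. wildcard=False only
    reports exact matches.
    """
    labels = normalize(host).split(".")
    depth = len(labels) if wildcard else 1
    for i in range(depth):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def audit(blocklist_text, required_hosts, wildcard=True):
    """Map each required host that would be blocked to the entry blocking it."""
    blocked = parse_blocklist(blocklist_text)
    hits = {}
    for host in required_hosts:
        entry = blocking_entry(host, blocked, wildcard)
        if entry is not None:
            hits[host] = entry
    return hits

# Constructed sample input (not a real configuration export).
SAMPLE_BLOCKLIST = """\
# privacy list excerpt
msedge.net
sls.update.microsoft.com.akadns.net
telemetry.microsoft.com
WWW.MSFTNCSI.COM.
"""
# Hosts the operator wants to keep resolving; cdn.msedge.net is hypothetical.
REQUIRED_HOSTS = ["sls.update.microsoft.com.akadns.net", "cdn.msedge.net",
                  "www.msftncsi.com", "updates.example.org"]

if __name__ == "__main__":
    for host, entry in audit(SAMPLE_BLOCKLIST, REQUIRED_HOSTS).items():
        print(f"{host} is blocked by entry {entry}")
```

Run it against the text pasted into Custom Block List before saving the feed, and move any reported entry to a whitelist or drop it from the list.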
          • moscato359

            You can use the Adblock/uBlock EasyPrivacy list.

            Anyone know a good source for the Spybot Anti-Beacon hostfile list?
            It would cover the Windows issues.

            • tuklu_san

              I dumped my pfBlockerNG configuration in a blog post here, may be of some use in the context of this thread.

              SDF

              • pfBasic Banned

                @tuklu_san:

                I dumped my pfBlockerNG configuration in a blog post here, may be of some use in the context of this thread.

                IP addresses in my level 3 blocklist are denied on the incoming side only, i.e. I allow connections initiated from inside my home LAN out to these IPs to go through.

                Why are you blocking inbound on your LAN? Did you open up the WAN to your LAN? This should be blocked by default.

                • tuklu_san

                  @pfBasic:

                  Why are you blocking inbound on your LAN? Did you open up the WAN to your LAN? This should be blocked by default.

                  Yes, it is totally pointless to have inbound-only blocklists, but basically I love to sit and watch the firewall log. It's hard to describe, but I find it fascinating how many IPs from across the globe are in those lists.

                  SDF
