Firewall blocks everything, or lets everything through
-
I've tried a couple of times to get pfBlockerNG to work… Gone through the whole setup process following a couple of different tutorials (download the package, make sure DNS Forwarder is off and DNS Resolver is on, enable DNSBL within pfBlocker, add some DNS lists (tried adding IPv4 lists too), enable pfBlocker, update pfBlocker, etc.).
The first time I got it set up, I couldn't figure out why the clients were bypassing the pfSense box and going straight out to the DNS servers set on the General Setup page.
The second time, I got it set up but it blocked nearly everything (I got this page, http://sleepyti.me, to go through, but that was it).
I'm a little disappointed right now because it seems pretty straightforward and yet I can't seem to get it correct...
-
Ensure that your LAN devices have their DNS settings set to pfSense for DNS resolution/DNSBL to take effect. For DNSBL, you have to add those feeds to the DNSBL tab. The IPv4 tab is only for IP-based feeds.
-
I struggled with pfBlocker setup as well, but I have it blocking now. BBcan177 had some great tips; I'll share what I can, and I'm open to feedback if I have done some things wrong myself:
-
Make sure you can navigate to 10.10.10.1-pixel. This was a little confusing, but it's a blank page (no pixels I could see on the page!). I had to add a rule on my interface to allow access to 127.0.0.1.
-
Some of the lists I use in DNSBL are:
https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2
https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
http://osint.bambenekconsulting.com/feeds/dga-feed.gz
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt
-
Some of the lists I use in the IPv4 tab:
http://cinsscore.com/list/ci-badguys.txt
https://zeustracker.abuse.ch/blocklist.php?download=badips
-
In the general settings I only use my internal interfaces, i.e. I don't run it on my WAN or VPN.
-
Don't turn on GeoIP quite yet, and be selective. As an example, I originally blocked Brazil, but it prevented me from downloading some Snort rules (the servers are in Brazil).
While my pfBlocker is working, I still have some questions/concerns I am trying to address; see my outstanding post here (which also gets into my DNS Resolver settings):
https://forum.pfsense.org/index.php?topic=135363.0
While I don't think it's perfect, it might help get you going... good luck. Hang in there...
-
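Added example, not posted by anyone in this thread and not pfBlockerNG's own code: both replies above turn on the same two points, that a feed of domains belongs on the DNSBL tab while the IPv4 tab takes only IP addresses or CIDR ranges, and that DNSBL works by having the resolver answer listed domains with the 10.10.10.1 virtual IP. The script below takes feed text in the shapes those lists come in (plain domains, hosts-file lines, plain IPv4 addresses and CIDRs, `#` comments), reports which tab the feed belongs on, and shows the kind of Unbound sinkhole entries a DNSBL feed turns into. The sample feeds are constructed, the 10.10.10.1 VIP is assumed to be the default, and the `local-zone`/`local-data` layout is illustrative Unbound syntax rather than a byte-for-byte copy of the file pfBlockerNG writes.

```python
"""Classify pfBlockerNG-style feed lines and emit Unbound sinkhole entries."""
import ipaddress
import re

# Assumption: the default pfBlockerNG DNSBL virtual IP; change to match your install.
DNSBL_VIP = "10.10.10.1"

# Loose hostname check: two or more dotted labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}$",
    re.IGNORECASE,
)

# Addresses that hosts-file style feeds put in front of each hostname.
HOSTS_SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def _kind(token):
    """'ip' for an IPv4 address or CIDR, 'domain' for a hostname, None otherwise."""
    try:
        net = ipaddress.ip_network(token, strict=False)
    except ValueError:
        net = None
    if net is not None:
        return "ip" if net.version == 4 else None   # IPv6 entries are ignored here
    if HOSTNAME_RE.match(token):
        return "domain"
    return None


def parse_feed_line(line):
    """Parse one feed line into a list of (kind, value) tuples.

    Handles '#' comments, plain domains, plain IPv4 addresses/CIDRs and
    hosts-file lines such as '0.0.0.0 ads.example.com'. Lines that fit
    none of those shapes are dropped rather than guessed at.
    """
    body = line.split("#", 1)[0].strip()
    if not body:
        return []
    tokens = body.split()
    if len(tokens) >= 2 and tokens[0] in HOSTS_SINKHOLES:
        tokens = tokens[1:]            # hosts-file form: drop the sinkhole address
    elif len(tokens) != 1:
        return []                      # unrecognised multi-column line
    out = []
    for tok in tokens:
        tok = tok.rstrip(".").lower()  # normalise trailing dot and case
        kind = _kind(tok)
        if kind:
            out.append((kind, tok))
    return out


def classify_feed(text):
    """Which pfBlockerNG tab a feed belongs on: 'dnsbl', 'ipv4', 'mixed' or 'empty'."""
    kinds = {k for line in text.splitlines() for k, _ in parse_feed_line(line)}
    if not kinds:
        return "empty"
    if kinds == {"domain"}:
        return "dnsbl"
    if kinds == {"ip"}:
        return "ipv4"
    return "mixed"                     # e.g. a hosts-file feed pasted into the IPv4 tab


def unbound_sinkhole(text, vip=DNSBL_VIP):
    """Unbound config lines that answer every domain in a DNSBL feed with the VIP.

    'redirect' zones also catch subdomains of each listed name; duplicates are
    collapsed and the output is sorted so two runs over the same feed agree.
    Illustrative format (assumption), not pfBlockerNG's exact output file.
    """
    domains = sorted({v for line in text.splitlines()
                      for k, v in parse_feed_line(line) if k == "domain"})
    lines = []
    for d in domains:
        lines.append(f'local-zone: "{d}" redirect')
        lines.append(f'local-data: "{d} A {vip}"')
    return lines


# Constructed samples, not any of the feeds linked in the thread.
SAMPLE_DNSBL_FEED = """\
# constructed sample DNSBL feed
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net
metrics.example.org.
"""

SAMPLE_IPV4_FEED = """\
# constructed sample IPv4 feed
192.0.2.10
198.51.100.0/24   # whole range
"""

if __name__ == "__main__":
    for name, feed in (("dnsbl sample", SAMPLE_DNSBL_FEED), ("ipv4 sample", SAMPLE_IPV4_FEED)):
        print(f"{name}: belongs on the {classify_feed(feed)} tab")
    print("same feeds concatenated:", classify_feed(SAMPLE_DNSBL_FEED + SAMPLE_IPV4_FEED))
    print("\n".join(unbound_sinkhole(SAMPLE_DNSBL_FEED)))
```

Running it on a feed you are about to add tells you whether it will do anything on the tab you picked; a `mixed` result usually means a hosts-file list pasted where an IP list was expected, which matches the "IPv4 tab is only for IP-based feeds" point above.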