Netgate Discussion Forum

DNSBL modify default blocked webpage

  • R
    rjabellax5 @RonpfS
    last edited by Jul 24, 2018, 12:53 PM

    @ronpfs Thank you. Sorry I didn't get that quickly.

    Removed pfBlockerNG and installed devel version, I can now see the blocked webpage option.

    again, thank you.

    1 Reply Last reply Reply Quote 0
    • O
      occamsrazor
      last edited by Aug 31, 2018, 9:38 PM

      Did you ever manage to enable this option and create a page? Just curious, I'd also like to have.
      Actually what I would like is a basic error page that told me "Blocked by pfBlockerNG using thisparticularfeed"

      pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
      Ubiquiti Unifi wired and wireless network, APC UPSs
      Mac OSX and IOS devices, QNAP NAS

      R 1 Reply Last reply Aug 31, 2018, 11:04 PM Reply Quote 0
      • R
        RonpfS @occamsrazor
        last edited by Aug 31, 2018, 11:04 PM

        @occamsrazor
        You can copy the default file and modify it to your taste.
        Or create your own HTML file.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • O
          occamsrazor
          last edited by Sep 1, 2018, 4:43 AM

          I found and downloaded the default page in /usr/local/www/pfblockerng/www/
          What I'm realising now is I am never seeing this default block page at all (this was same for me pre -devel version), I just get a timeout.

          0_1535777030328_Screen Shot 2018-09-01 at 07.34.04.jpg

          A ping from client machine to the blocked address confirms it is being redirected to 10.10.10.1

          pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
          Ubiquiti Unifi wired and wireless network, APC UPSs
          Mac OSX and IOS devices, QNAP NAS

          R 1 Reply Last reply Sep 1, 2018, 5:05 AM Reply Quote 0
          • R
            RonpfS @occamsrazor
            last edited by Sep 1, 2018, 5:05 AM

            @occamsrazor That's a page you get when you access a blocked domain name directly: http://js.agkn.com
            In case of an image URL you get a 1x1gif page, for a .js you get another page, etc

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

            O 1 Reply Last reply Sep 1, 2018, 5:49 AM Reply Quote 1
            • O
              occamsrazor @RonpfS
              last edited by Sep 1, 2018, 5:49 AM

              @ronpfs said in DNSBL modify default bloked webpage:

              @occamsrazor That's a page you get when you access a blocked domain name directly: http://js.agkn.com
              In case of an image URL you get a 1x1gif page, for a .js you get another page, etc

              When I ping that address it's clearly being blocked
              ping js.agkn.com
              PING js.agkn.com (10.10.10.1): 56 data bytes

              But when I try to access the example you gave http://js.agkn.com in a web browser no page ever loads, just a timeout.

              pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
              Ubiquiti Unifi wired and wireless network, APC UPSs
              Mac OSX and IOS devices, QNAP NAS

              R 1 Reply Last reply Sep 1, 2018, 5:54 AM Reply Quote 0
              • R
                RonpfS @occamsrazor
                last edited by Sep 1, 2018, 5:54 AM

                @occamsrazor said in DNSBL modify default bloked webpage:

                But when I try to access the example you gave http://js.agkn.com in a web browser no page ever loads, just a timeout.

                Do you get something from http://10.10.10.1/

                2.4.5-RELEASE-p1 (amd64)
                Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                O 1 Reply Last reply Sep 1, 2018, 6:07 AM Reply Quote 0
                • O
                  occamsrazor @RonpfS
                  last edited by Sep 1, 2018, 6:07 AM

                  @ronpfs said in DNSBL modify default bloked webpage:

                  Do you get something from http://10.10.10.1/

                  No, just a "Waiting for......" in the bottom of the browser screen and page never loads.

                  pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
                  Ubiquiti Unifi wired and wireless network, APC UPSs
                  Mac OSX and IOS devices, QNAP NAS

                  R B 2 Replies Last reply Sep 1, 2018, 6:16 AM Reply Quote 0
                  • R
                    RonpfS @occamsrazor
                    last edited by Sep 1, 2018, 6:16 AM

                    @occamsrazor Under Firewall / NAT / Port Forward You should have NAT entries pointing to the VIP.

                    Did you enable Permit Firewall Rules under Firewall / pfBlockerNG / DNSBL ? Do you see those Rules under Firewall / Rules

                    2.4.5-RELEASE-p1 (amd64)
                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                    O 1 Reply Last reply Sep 1, 2018, 6:32 AM Reply Quote 1
                    • O
                      occamsrazor @RonpfS
                      last edited by occamsrazor Sep 1, 2018, 6:33 AM Sep 1, 2018, 6:32 AM

                      @ronpfs said in DNSBL modify default bloked webpage:

                      @occamsrazor Under Firewall / NAT / Port Forward You should have NAT entries pointing to the VIP.

                      Did you enable Permit Firewall Rules under Firewall / pfBlockerNG / DNSBL ? Do you see those Rules under Firewall / Rules

                      That check box was not enabled. I've enabled it now, restarted router and client machine, and see the rules under Floating:

                      0_1535783519446_Screen Shot 2018-09-01 at 09.30.00.jpg

                      But still don't get any response from http://10.10.10.1/ or that domain you posted.

                      pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
                      Ubiquiti Unifi wired and wireless network, APC UPSs
                      Mac OSX and IOS devices, QNAP NAS

                      1 Reply Last reply Reply Quote 0
                      • O
                        occamsrazor
                        last edited by occamsrazor Sep 1, 2018, 6:51 AM Sep 1, 2018, 6:36 AM

                        Aha... I notice the pfB_DNSBL_Ports alias refers to ports 8081 and 8043 only. When I type http://10.10.10.1:8081/ in the browser I get a response:

                        0_1535783772175_Screen Shot 2018-09-01 at 09.35.48.jpg

                        But even if I manually add port 80 to the pfB_DNSBL_Ports alias it doesn't give me that page when going to http://10.10.10.1

                        pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
                        Ubiquiti Unifi wired and wireless network, APC UPSs
                        Mac OSX and IOS devices, QNAP NAS

                        R 1 Reply Last reply Sep 1, 2018, 6:54 AM Reply Quote 0
                        • R
                          RonpfS @occamsrazor
                          last edited by Sep 1, 2018, 6:54 AM

                          @occamsrazor The NAT should take care of redirecting port 80 and 443.

                          2.4.5-RELEASE-p1 (amd64)
                          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                          O 1 Reply Last reply Sep 1, 2018, 7:59 AM Reply Quote 0
                          • O
                            occamsrazor @RonpfS
                            last edited by Sep 1, 2018, 7:59 AM

                            @ronpfs said in DNSBL modify default bloked webpage:

                            @occamsrazor The NAT should take care of redirecting port 80 and 443.

                            I see a corresponding port-forward in Firewall > NAT Port > Forward but it doesn't seem to be working:

                            0_1535788815551_Screen Shot 2018-09-01 at 10.57.46.jpg

                            pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
                            Ubiquiti Unifi wired and wireless network, APC UPSs
                            Mac OSX and IOS devices, QNAP NAS

                            1 Reply Last reply Reply Quote 0
                            • B
                              BBcan177 Moderator
                              last edited by Sep 1, 2018, 9:36 PM

                              @occamsrazor

                              Make sure that your LAN devices' DNS settings are only set to pfSense, and not any other DNS server or else that will bypass DNSBL.

                              "Experience is something you don't get until just after you need it."

                              Website: http://pfBlockerNG.com
                              Twitter: @BBcan177  #pfBlockerNG
                              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                              O 1 Reply Last reply Sep 2, 2018, 5:19 AM Reply Quote 0
                              • O
                                occamsrazor @BBcan177
                                last edited by Sep 2, 2018, 5:19 AM

                                @bbcan177 said in DNSBL modify default bloked webpage:

                                @occamsrazor

                                Make sure that your LAN devices' DNS settings are only set to pfSense, and not any other DNS server or else that will bypass DNSBL.

                                They all use pfSense as DNS server (Resolver with forwarding) and I have a rule to block DNS going elsewhere:

                                DHCP Server DNS settings:

                                0_1535865286907_DHCP server.jpg

                                Redirect any other DNS requests to pfSense

                                0_1535865320375_Port Forward.jpg

                                NAT settings

                                0_1535865368285_NAT settings.jpg

                                LAN Rules

                                0_1535865402314_Rules.jpg

                                The thing is DNSBL IS working.... as bad domains are resolving to 10.10.10.1 in terms of DNS - it's just I am not getting the redirect webpage at 10.10.10.1

                                pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
                                Ubiquiti Unifi wired and wireless network, APC UPSs
                                Mac OSX and IOS devices, QNAP NAS

                                B 1 Reply Last reply Sep 2, 2018, 9:30 AM Reply Quote 0
                                • B
                                  BBcan177 Moderator @occamsrazor
                                  last edited by Sep 2, 2018, 9:30 AM

                                  @occamsrazor said in DNSBL modify default bloked webpage:

                                  The thing is DNSBL IS working.... as bad domains are resolving to 10.10.10.1 in terms of DNS - it's just I am not getting the redirect webpage at 10.10.10.1

                                  That blocked page only shows when the root domain is blocked. It won't show when it blocks an AD or a sub-domain.

                                  "Experience is something you don't get until just after you need it."

                                  Website: http://pfBlockerNG.com
                                  Twitter: @BBcan177  #pfBlockerNG
                                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                  O 1 Reply Last reply Sep 2, 2018, 9:43 AM Reply Quote 1
                                  • O
                                    occamsrazor @BBcan177
                                    last edited by occamsrazor Sep 2, 2018, 9:52 AM Sep 2, 2018, 9:43 AM

                                    @bbcan177 said in DNSBL modify default bloked webpage:

                                    That blocked page only shows when the root domain is blocked. It won't show when it blocks an AD or a sub-domain.

                                    If we take the example RonPfs gave above, if I do a ping I get this, which would indicate DNSBL is working:

                                    BenMBPwifi:~ ben$ ping agkn.com
                                    PING agkn.com (10.10.10.1): 56 data bytes
                                    64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=44.806 ms
                                    64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=1.503 ms

                                    But when I go to http://agkn.com I just get a timeout. It's not a big deal as DNSBL is working, just strange I never, ever see that page. I should add I have TLD enabled, though I didn't before and also never saw that block page.

                                    pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
                                    Ubiquiti Unifi wired and wireless network, APC UPSs
                                    Mac OSX and IOS devices, QNAP NAS

                                    B 1 Reply Last reply Sep 2, 2018, 10:00 AM Reply Quote 0
                                    • B
                                      BBcan177 Moderator @occamsrazor
                                      last edited by Sep 2, 2018, 10:00 AM

                                      @occamsrazor said in DNSBL modify default bloked webpage:

                                      But when I go to http://agkn.com I just get a timeout. It's not a big deal as DNSBL is working, just strange I never, ever see that page. I should add I have TLD enabled, though I didn't before and also never saw that block page.

                                      Is that domain in a blacklist?

                                      grep "agkn.com" /var/db/pfblockerng/dnsbl/*

                                      As a test, try to browse to "101com.com"

                                      "Experience is something you don't get until just after you need it."

                                      Website: http://pfBlockerNG.com
                                      Twitter: @BBcan177  #pfBlockerNG
                                      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                      O 1 Reply Last reply Sep 2, 2018, 10:22 AM Reply Quote 0
                                      • O
                                        occamsrazor @BBcan177
                                        last edited by occamsrazor Sep 2, 2018, 10:23 AM Sep 2, 2018, 10:22 AM

                                        @bbcan177 said in DNSBL modify default bloked webpage:

                                        Is that domain in a blacklist?

                                        Yes it is...

                                        Shell Output - grep "agkn.com" /var/db/pfblockerng/dnsbl/*
                                        /var/db/pfblockerng/dnsbl/EasyPrivacy.txt:local-data: "agkn.com 60 IN A 10.10.10.1"
                                        

                                        As a test, try to browse to "101com.com"

                                        Shell Output - grep "101com.com" /var/db/pfblockerng/dnsbl/*
                                        /var/db/pfblockerng/dnsbl/MVPS.txt:local-data: "wtrs.101com.com 60 IN A 10.10.10.1"
                                        

                                        Seems 101com.com isn't in my blocklists but wtrs.101com.com is.
                                        When I ping 101com.com I get a real IP, when I ping wtrs.101com.com I get 10.10.10.1
                                        When I browse to wtrs.101com.com I get a timeout, when I browse to 101com.com I get through to some server.

                                        pfSense CE on Qotom Q355G4 8GB RAM/60GB SSD
                                        Ubiquiti Unifi wired and wireless network, APC UPSs
                                        Mac OSX and IOS devices, QNAP NAS

                                        1 Reply Last reply Reply Quote 0
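
Added example (not part of any post in this thread, and not pfBlockerNG's own code): the grep used above matches substrings, which is why a search for "101com.com" returned only the wtrs.101com.com entry. The shell function below reads the same local-data lines and reports whether a name is listed itself or only through a subdomain. The function names are hypothetical, and it only looks at exact local-data entries, so it does not model the TLD option.

```shell
#!/bin/sh
# Classify how a name is covered by DNSBL "local-data" entries.
# Input format is the one shown in the thread's grep output:
#   local-data: "agkn.com 60 IN A 10.10.10.1"
# A "file:" prefix, as printed by grep over several files, is tolerated.

# dnsbl_classify NAME [FILE...]   (reads stdin when no FILE is given)
# Prints one of:
#   exact            NAME itself has a local-data entry
#   subdomain-only   only names below NAME are listed; NAME is not sinkholed
#   none             neither NAME nor anything below it is listed
dnsbl_classify() {
    name=$1; shift
    awk -v q="$name" '
        BEGIN { q = tolower(q); sub(/\.$/, "", q) }
        /local-data:/ {
            # The owner name is the first token inside the quotes.
            line = $0
            sub(/^.*local-data:[ \t]*"/, "", line)
            split(line, f, /[ \t]+/)
            n = tolower(f[1]); sub(/\.$/, "", n)
            if (n == q) {
                exact = 1
            } else if (length(n) > length(q) + 1 &&
                       substr(n, length(n) - length(q)) == "." q) {
                # n ends in ".q", so it is a name below q.
                child = 1
            }
        }
        END {
            if (exact)      print "exact"
            else if (child) print "subdomain-only"
            else            print "none"
        }
    ' "$@"
}

# Sample input: the two entries quoted in the post above.
sample_dnsbl() {
    cat <<'EOF'
local-data: "agkn.com 60 IN A 10.10.10.1"
/var/db/pfblockerng/dnsbl/MVPS.txt:local-data: "wtrs.101com.com 60 IN A 10.10.10.1"
EOF
}

# Example: sample_dnsbl | dnsbl_classify 101com.com
# On the firewall: dnsbl_classify 101com.com /var/db/pfblockerng/dnsbl/*
```
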
                                        • B
                                          BBcan177 Moderator @occamsrazor
                                          last edited by Sep 3, 2018, 4:13 AM

                                          @occamsrazor said in DNSBL modify default bloked webpage:

                                          @ronpfs said in DNSBL modify default bloked webpage:

                                          Do you get something from http://10.10.10.1/

                                          No, just a "Waiting for......" in the bottom of the browser screen and page never loads.

                                          Do you have VLANs? If so, please ensure that in the DNSBL tab, that you have selected the "DNSBL Permit" option, and select all of the VLANs in the dropdown selection box.

                                          Otherwise, try to disable the other two port forwards and see if one of those is causing a conflict?

                                          There shouldn't be any timeouts.

                                          "Experience is something you don't get until just after you need it."

                                          Website: http://pfBlockerNG.com
                                          Twitter: @BBcan177  #pfBlockerNG
                                          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                          O 1 Reply Last reply Sep 6, 2018, 7:44 AM Reply Quote 0
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.