Is Hiding DNSBL Alerts without Whitlisting Possible?
-
I've been trying to find a simple solution aside from whitelisting that will either hide, or remove some of the regular blocked domains that constantly spam my pfBlockerNG alerts list. Is such a thing currently possible? Is there maybe a setting I haven't found yet to accomplish this?
-
@zskwrel
In pfBlockerNG-devel, you can sinkhole a DNSBL Group to "0.0.0.0" and it will avoid the logging of these domains. There is a DNSBL disable logging option. Also recommended to set the Group order to "primary" so that it loads first before other DNSBL groups.This is also beneficial for domains that cause HTTPS certificate errors in the browser while browsing.
-
Thanks for your response. I will disable logging for that DNSBL feed for now, but it would still be nice to be able to hide/suppress individual repetitive domain alerts without bringing the hammer down on a whole feed list in case false positives are occurring but not being shown due to disabled logging of a feed.
-
The simple solution is to create a new DNSBL Group with logging disabled and the group order set as primary. Then add these individual domains to the custom list at the bottom of this new group.
Run a Force Reload - DNSBL which will mark these domains with "0.0.0.0" before the other feeds take precedence.
-
Oh, I see what you mean now! Thanks again.
