Netgate Discussion Forum

    pfblocker blocks security.debian.org

    • P
      pooperman
      last edited by

      Hi, I am trying to tell pfblocker to not block security patch address.
      The entry in the dnsbl alert task looks strange:

      segwg.JPG

      Whitelist entry for TLD and DNSBL has been added and DNSBL got reloaded. Any hint where to search?

      gfntz.JPG

      1 Reply Last reply Reply Quote 0
      • RonpfSR
        RonpfS
        last edited by RonpfS

        Put debian.org instead of security.debian.org in TLD exclusion list, remove .debian.org and security.debian.org from Whitelist, Force Reload DNSBL.

        Access the site, then see what Alert is showing. You can then use the Alerts tab "+" icon to whitelist what's needed.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 1
        • P
          pooperman
          last edited by

          Followed your instructions, but still the same.
          I do not get a plus sign to add it. See 1st screenshot.

          1 Reply Last reply Reply Quote 0
          • RonpfSR
            RonpfS
            last edited by RonpfS

            Well, did you look at pfblockerng.log to see what is done? Do you see debian anywhere in the processing? Do you have TLD enabled?

            1 Reply Last reply Reply Quote 1
            • P
              pooperman
              last edited by

              TLD Whitelist debian.org|128.31.0.62

              yes, it is included
              yes, TLD enabled

              1 Reply Last reply Reply Quote 0
              • RonpfSR
                RonpfS
                last edited by

                Well from what you typed debian.org is still in the DNSBL Whitelist...

                1 Reply Last reply Reply Quote 1
                • RonpfSR
                  RonpfS
                  last edited by RonpfS

                  To find out the feed for debian, do this in a Shell cmd

                  grep "debian.org" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /usr/local/pkg/pfblockerng/dnsbl_tld
                  

                  P 1 Reply Last reply Reply Quote 1
                  • P
                    pooperman @RonpfS
                    last edited by

                    @RonpfS
                    sorry to ask, but how do I do it?
                    via execute command (browser UI?)
                    or do I need to open up an SSH session?

                    1 Reply Last reply Reply Quote 0
                    • RonpfSR
                      RonpfS
                      last edited by

                      Diagnostics / Command prompt is one way.

                      1 Reply Last reply Reply Quote 2
                      • P
                        pooperman
                        last edited by

                        @RonpfS said in pfblocker blocks security.debian.org:

                        grep "debian.org" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /usr/local/pkg/pfblockerng/dnsbl_tld

                        safgsg.JPG

                        1 Reply Last reply Reply Quote 0
                        • RonpfSR
                          RonpfS
                          last edited by RonpfS

                          @RonpfS said in pfblocker blocks security.debian.org:

                          grep "debian.org" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /usr/local/pkg/pfblockerng/dnsbl_tld

                          It doesn't seem you have debian.org in any DNSBL group....
                          Add the dnsblalias/* to the grep:

                          grep "debian.org" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/db/pfblockerng/dnsblalias/*  /usr/local/pkg/pfblockerng/dnsbl_tld
                          

                          Do you have it in any DNSBL Custom_List?

                          Why don't you post pfblockerng.log so we can put some light on your issue?

                          P 1 Reply Last reply Reply Quote 1
                          • P
                            pooperman @RonpfS
                            last edited by

                            the log is just too big to post it in this forum, here is one run attached:
                            log.txt

                            1 Reply Last reply Reply Quote 0
                            • RonpfSR
                              RonpfS
                              last edited by RonpfS

                              You can also zip the log.

                              For all those URLs that gave you an SSL certificate problem, change the State from ON to FLEX. Then run a Force Reload DNSBL.

                              You also have a problem with your DNSBL Whitelist

                              TLD:
                              
                               TLD Whitelist - Missing data | heise.de/ | a.root-servers.net. nstld.verisign-grs.com. 2019041401 1800 900 604800 86400 |
                               TLD Whitelist web.de|82.165.230.17
                              
                               TLD Whitelist - Missing data | malwaredb.malekal.com | ns1.gandi.net. hostmaster.gandi.net. 1552922405 10800 3600 604800 10800 |
                               TLD Whitelist maxmind.com|104.16.38.47
                              
                               TLD Whitelist - Missing data | reputation.alienvault.com | reputation.alienvault.io. |
                               TLD Whitelist rules.emergingthreats.net|204.12.217.19
                              
                               TLD Whitelist - Missing data | login.live.com | login.msa.akadns6.net. |
                               TLD Whitelist debian.org|128.31.0.62
                               Blocking full TLD/Sub-Domain(s)... |cdn2.spiegel.de|cp.abbp1.com| completed
                              

                              Fix that first, click on the blue Infoblock to get it right. Again, a Force Reload DNSBL for the change to take effect.


                              1 Reply Last reply Reply Quote 1
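
The "TLD Whitelist" lines in the log excerpt above can be sorted mechanically into entries that were logged with an address and entries logged as "Missing data". This is an added example, not part of the original posts or of pfBlockerNG; the function names and the `invalid-chars` tag are assumptions made for illustration, and the sample lines are copied from the excerpt in the post.

```shell
#!/bin/sh
# Added example: triage "TLD Whitelist" lines from a pfblockerng.log excerpt.
# SAMPLE_LOG is copied from the excerpt quoted in the thread above.
SAMPLE_LOG=' TLD Whitelist - Missing data | heise.de/ | a.root-servers.net. nstld.verisign-grs.com. 2019041401 1800 900 604800 86400 |
 TLD Whitelist web.de|82.165.230.17
 TLD Whitelist - Missing data | malwaredb.malekal.com | ns1.gandi.net. hostmaster.gandi.net. 1552922405 10800 3600 604800 10800 |
 TLD Whitelist maxmind.com|104.16.38.47
 TLD Whitelist - Missing data | reputation.alienvault.com | reputation.alienvault.io. |
 TLD Whitelist rules.emergingthreats.net|204.12.217.19
 TLD Whitelist - Missing data | login.live.com | login.msa.akadns6.net. |
 TLD Whitelist debian.org|128.31.0.62
 Blocking full TLD/Sub-Domain(s)... |cdn2.spiegel.de|cp.abbp1.com| completed'

# whitelist_report (hypothetical helper): read log text on stdin and print
# one line per whitelist entry:
#   OK <entry> <ip>          entry logged together with an address
#   MISSING <entry> <tag>    entry logged as "Missing data"; <tag> is
#                            "invalid-chars" when the entry is not a bare
#                            hostname (for example a trailing "/"), else "-"
whitelist_report() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /TLD Whitelist - Missing data/ {
      entry = trim($2)
      tag = (entry ~ "^[A-Za-z0-9.-]+$") ? "-" : "invalid-chars"
      print "MISSING", entry, tag
      next
    }
    /TLD Whitelist / {
      sub(/^.*TLD Whitelist /, "", $1)   # keep only the domain in field 1
      print "OK", trim($1), trim($2)
    }
  '
}

# missing_entries (hypothetical helper): only the entries that need fixing.
missing_entries() {
  whitelist_report | awk '$1 == "MISSING" { print $2 }'
}

# Run over the embedded sample; on the firewall, feed the real log instead.
printf '%s\n' "$SAMPLE_LOG" | whitelist_report
```

The `MISSING` lines are the whitelist entries to correct before the next Force Reload DNSBL; lines that are not whitelist lines, such as the "Blocking full TLD/Sub-Domain(s)" line, are ignored.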
                              • P
                                pooperman
                                last edited by

                                thanks for your support,
                                will try to fix that and come back tomorrow.
                                one loading round takes about 20 minutes

                                1 Reply Last reply Reply Quote 0
                                • RonpfSR
                                  RonpfS
                                  last edited by

                                  Well, you probably have too many URLs.
                                  Do you really need all the EasyList languages?

                                  Also you are using some tables that haven't changed since 2014: May 20 2014 Malekal_Hosts

                                  Review the log files to detect issues.

                                  1 Reply Last reply Reply Quote 1