pfBlocker hidden whitelists
-
Hi,
Recently updated my pfBlocker, added some more lists to be blacklisted off of github repos and while reloading, I noticed something:
[ Shallalist_adv ] Reload . completed .. Whitelist: ads.google.com|adservices.google.com|adwords.google.com|adwords.google.nl|an.yandex.ru|awaps.yandex.ru|az.yandex.ru|bs.yandex.ru|direct.yandex.ru|
Well... Absolutely not, I don't want ads.google.com to be whitelisted. Where is this whitelist coming from?
I looked around, I looked in Custom pfBlocker whitelist, I looked at every single tab, every single corner and config page related to pfBlocker, I can't find anywhere with ads.google.com listed as domain to be whitelisted.
What's going on? What am I missing? Any clues?
-
Also no whitelisting at all
-
Maybe some settings were not applied at some point.
Add a domain to the WhiteList, Save the DNSBL settings.
Remove the domain, Save the DNSBL settings, Force Update, Force Reload All, check if it is still whitelisted.
-
@RonpfS Thanks for the suggestion. I did that, no difference. Been struggling with it for 8+ hours now... Don't want to remove/re-install pfBlocker
-
@BBcan177 Any ideas? I really checked every single tab and config page in pfBlocker for hours
-
Hello!
Check /var/db/pfblockerng/pfbdnsblsuppression.txt
Any .bk files in /var/db/pfblockerng/dnsbl/ ?
John
-
@serbus Thank you very much, seems like it's "/var/db/pfblockerng/pfbdnsblsuppression.txt"
I did rm on that file, but after reload the file is placed there again. Where is that coming from? How can I remove it completely?
P.S. No bk files in /var/db/pfblockerng/dnsbl/
-
Checked the code, based on this:
https://gist.githubusercontent.com/BBcan177/fd7aa11babc3280ab593cacb86a60257/raw
dnsbl_supptxt value is populated from DNSBL Whitelist, but I absolutely have nothing in there, added test domain, saved, removed, saved, I did all I can to remove it, but mysteriously a large list of domains gets added to my pfbdnsblsuppression.txt on each reload
-
Hello!
Do you have DNSBL SafeSearch enabled? Alexa/TOP1M?
John
-
@iTestAndroid said in pfBlocker hidden whitelists:
pfbdnsblsuppression
maybe search inside the config.xml
there is this section:-<pfblockerngdnsblsettings> -<config> <pfb_dnsvip>10.10.10.1</pfb_dnsvip> <pfb_dnsport>8081</pfb_dnsport> <pfb_dnsport_ssl>8553</pfb_dnsport_ssl> <pfb_dnsbl>on</pfb_dnsbl> <suppression>czMuYW1hem9uYXdzLmNvbQ0KczMtMS5hbWF6b25hd3MuY29tICMgQ05BTUUgZm9yIChzMy5hbWF6b25hd3MuY29tKQ0KLmdpdGh1Yi5jb20NCi5naXRodWJ1c2VyY29udGVudC5jb20gDQp naXRodWIubWFwLmZhc3RseS5uZXQgIyBDTkFNRSBmb3IgKHJhdy5naXRodWJ1c2VyY29udGVudC5jb20pDQouZ2l0bGFiLmNvbQ0KLmFwcGxlLmNvbSANCi5zb3VyY2Vmb3JnZS5uZXQNCi5mbHMtbmEuYW1hem9uLmNvbSAjIGFsZXhhDQouY29udHJ vbC5rb2NoYXZhLmNvbSAjIGFsZXhhIDINCi5kZXZpY2UtbWV0cmljcy11cy0yLmFtYXpvbi5jb20gIyBhbGV4YSAzDQouYW1hem9uLWFkc3lzdGVtLmNvbSAjIGFtYXpvbiBhcHAgYWRzDQoucHgubW9hdGFkcy5jb20gIyBhbWF6b24gYXBwIDINCi5 3aWxkY2FyZC5tb2F0YWRzLmNvbS5lZGdla2V5Lm5ldCAjIENOQU1FIGZvciAocHgubW9hdGFkcy5jb20pDQouZTEzMTM2LmcuYWthbWFpZWRnZS5uZXQgIyBDTkFNRSBmb3IgKHB4Lm1vYXRhZHMuY29tKQ0KLnNlY3VyZS1nbC5pbXJ3b3JsZHdpZGU uY29tICMgYW1hem9uIGFwcCAzDQoucGl4ZWwuYWRzYWZlcHJvdGVjdGVkLmNvbSAjIGFtYXpvbiBhcHAgNA0KLmFueWNhc3QucGl4ZWwuYWRzYWZlcHJvdGVjdGVkLmNvbSAjIENOQU1FIGZvciAocGl4ZWwuYWRzYWZlcHJvdGVjdGVkLmNvbSkNCi5 icy5zZXJ2aW5nLXN5cy5jb20gIyBhbWF6b24gYXBwIDUNCi5icy5leWVibGFzdGVyLmFrYWRucy5uZXQgIyBDTkFNRSBmb3IgKGJzLnNlcnZpbmctc3lzLmNvbSkNCi5ic2xhLmV5ZWJsYXN0ZXIuYWthZG5zLm5ldCAjIENOQU1FIGZvciAoYnMuc2V ydmluZy1zeXMuY29tKQ0KLmFkc2FmZXByb3RlY3RlZC5jb20gIyBhbWF6b24gYXBwIDYNCi5hbnljYXN0LnN0YXRpYy5hZHNhZmVwcm90ZWN0ZWQuY29tICMgQ05BTUUgZm9yIChzdGF0aWMuYWRzYWZlcHJvdGVjdGVkLmNvbSkNCmdvb2dsZS5jb20 NCnd3dy5nb29nbGUuY29tDQp5b3V0dWJlLmNvbQ0Kd3d3LnlvdXR1YmUuY29tDQp5b3V0dWJlLXVpLmwuZ29vZ2xlLmNvbSAjIENOQU1FIGZvciAoeW91dHViZS5jb20pDQpzdGFja292ZXJmbG93LmNvbQ0Kd3d3LnN0YWNrb3ZlcmZsb3cuY29tDQp kcm9wYm94LmNvbQ0Kd3d3LmRyb3Bib3guY29tDQp3d3cuZHJvcGJveC1kbnMuY29tICMgQ05BTUUgZm9yIChkcm9wYm94LmNvbSkNCi5hZHNhZmVwcm90ZWN0ZWQuY29tDQpjb250cm9sLmtvY2hhdmEuY29tDQpzZWN1cmUtZ2wuaW1yd29ybGR3aWR 
lLmNvbQ0KcGJzLnR3aW1nLmNvbSAjIHR3aXR0ZXIgaW1hZ2VzDQp3d3cucGJzLnR3aW1nLmNvbSAjIHR3aXR0ZXIgaW1hZ2VzDQpjczE5Ni53YWMuZWRnZWNhc3RjZG4ubmV0ICMgQ05BTUUgZm9yIChwYnMudHdpbWcuY29tKQ0KY3MyLXdhYy5hcHI tODMxNS5lZGdlY2FzdGRucy5uZXQgIyBDTkFNRSBmb3IgKHBicy50d2ltZy5jb20pDQpjczItd2FjLXVzLjgzMTUuZWNkbnMubmV0ICMgQ05BTUUgZm9yIChwYnMudHdpbWcuY29tKQ0KY3M0NS53YWMuZWRnZWNhc3RjZG4ubmV0ICMgQ05BTUUgZm9 yIChwYnMudHdpbWcuY29tKQ==</suppression>
you can use this site to decode base64 to text
https://www.base64decode.org/
-
@serbus No, as I mentioned earlier, definitely not. Also I went through all tabs and configs, nothing enabled for "whitelisting" or "suppression"
-
@kiokoman Can I modify the /conf/config.xml file and remove the list?
Additionally, <suppression> in pfblockerngdnsblsettings is empty in my /conf/config.xml
<pfblockerngdnsblsettings> <config> <pfb_dnsbl>on</pfb_dnsbl> <pfb_tld></pfb_tld> <pfb_dnsvip>127.0.0.1</pfb_dnsvip> <pfb_dnsport>8081</pfb_dnsport> <pfb_dnsport_ssl>8443</pfb_dnsport_ssl> <dnsbl_interface>lan</dnsbl_interface> <pfb_dnsbl_rule></pfb_dnsbl_rule> <dnsbl_allow_int></dnsbl_allow_int> <action>Deny_Both</action> <aliaslog>enabled</aliaslog> <autoaddrnot_in></autoaddrnot_in> <autoports_in></autoports_in> <aliasports_in></aliasports_in> <autoaddr_in></autoaddr_in> <autonot_in></autonot_in> <aliasaddr_in></aliasaddr_in> <autoproto_in></autoproto_in> <agateway_in>default</agateway_in> <autoaddrnot_out></autoaddrnot_out> <autoports_out></autoports_out> <aliasports_out></aliasports_out> <autoaddr_out></autoaddr_out> <autonot_out></autonot_out> <aliasaddr_out></aliasaddr_out> <autoproto_out></autoproto_out> <agateway_out>default</agateway_out> <alexa_enable></alexa_enable> <alexa_count></alexa_count> <alexa_inclusion></alexa_inclusion> <suppression></suppression> <tldexclusion></tldexclusion> <tldblacklist></tldblacklist> <tldwhitelist></tldwhitelist> <pfb_dnsvip_type>ipalias</pfb_dnsvip_type> <pfb_dnsvip_pass></pfb_dnsvip_pass> <dnsbl_webpage>dnsbl_default.php</dnsbl_webpage> <pfb_dnsbl_sync></pfb_dnsbl_sync> <alexa_type></alexa_type> </config> </pfblockerngdnsblsettings>
-
at least we have ruled out a configuration problem
-
Hello!
In the config under InstalledPackages, what does this look like?
<pfblockerngsafesearch> <safesearch_enable>Enable</safesearch_enable> <safesearch_youtube>Strict</safesearch_youtube> <safesearch_firefoxdoh>Enable</safesearch_firefoxdoh> </pfblockerngsafesearch>
John
-
This is what I have:
<pfblockerngsafesearch> <safesearch_enable>Enable</safesearch_enable> <safesearch_youtube>Disable</safesearch_youtube> <safesearch_firefoxdoh>Disable</safesearch_firefoxdoh> </pfblockerngsafesearch>
-
Hello!
I believe the safesearch is also used as a whitelist.
John
-
Was this ever resolved? Sorry for the necro, but I have the same EXACT problem, youtube being whitelisted, no whitelist configured and no safe search enabled...
-
@iTestAndroid said in pfBlocker hidden whitelists:
"/var/db/pfblockerng/pfbdnsblsuppression.txt"
is created with what you've entered here :
Firewall > pfBlockerNG > DNSBL
at the bottom, you have a "DNSBL Whitelist", deploy it and the info shown there creates "/var/db/pfblockerng/pfbdnsblsuppression.txt".
When I empty :
the file will be nearly empty (just one line).
Where does "yandex" etc. come from?
Well ... ask
SSH into your box (or console), option 8.
Go to /usr/local/pkg/pfblockerng:
grep -R 'yandex' *
or
grep -R 'adservices' *
These files come with pfblockerng when you install it.
You'll find pfb_py_hsts.txt.
What I know: this file contains sites that are known to use "hsts" (wikipedia hsts please).
Anyway .....
I've emptied my 'master' DNSBL whitelist and now :
as you can see, "Whitelist" only contains "localhost.localdomain"
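-
Added example, not part of the thread and not pfBlockerNG code: a local check that decodes the base64 <suppression> value from config.xml, so the firewall config does not have to be pasted into a web decoder, and lists the domains a reload log line reports as whitelisted that the configured DNSBL Whitelist does not cover. The config and log line are constructed samples in the formats quoted in the thread; the function names and the reading of a leading dot as "domain plus subdomains" are assumptions.

```python
import base64
import re
import xml.etree.ElementTree as ET

def configured_whitelist(config_xml):
    """Decode <suppression>: base64 of CRLF-separated lines with '#' comments."""
    node = ET.fromstring(config_xml).find(
        ".//pfblockerngdnsblsettings/config/suppression")
    if node is None or not (node.text or "").strip():
        return []
    # Pasted blobs often pick up spaces or newlines; drop them before decoding.
    raw = base64.b64decode("".join(node.text.split()))
    lines = raw.decode("utf-8", "replace").splitlines()
    entries = [ln.split("#", 1)[0].strip().lower() for ln in lines]
    return [e for e in entries if e]

def is_covered(domain, entries):
    # Assumption: ".example.com" covers example.com and every subdomain.
    return any(domain == e.lstrip(".") or (e.startswith(".") and domain.endswith(e))
               for e in entries)

# Reload log format as quoted in the first post: "[ feed ] ... Whitelist: a|b|"
WHITELIST_RE = re.compile(r"^\[\s*([^\]]+?)\s*\].*?Whitelist:\s*(\S+)")

def unexplained_whitelisting(config_xml, log_lines):
    """Return {feed: [domains whitelisted on reload but not in the config]}."""
    entries = configured_whitelist(config_xml)
    report = {}
    for line in log_lines:
        m = WHITELIST_RE.search(line)
        if m:
            doms = [d.lower() for d in m.group(2).split("|") if d]
            extra = [d for d in doms if not is_covered(d, entries)]
            if extra:
                report.setdefault(m.group(1), []).extend(extra)
    return report

# Constructed sample data (not taken from any real firewall).
_blob = base64.b64encode(b".github.com\r\nexample.org # constructed\r\n").decode()
SAMPLE_CONFIG = ("<pfsense><installedpackages><pfblockerngdnsblsettings><config>"
                 f"<suppression>{_blob[:10]} {_blob[10:]}</suppression>"
                 "</config></pfblockerngdnsblsettings></installedpackages></pfsense>")
SAMPLE_LOG = ["[ Shallalist_adv ] Reload . completed .. Whitelist: "
              "ads.google.com|raw.github.com|example.org|"]

if __name__ == "__main__":
    print(unexplained_whitelisting(SAMPLE_CONFIG, SAMPLE_LOG))
```

Any domain in the result was whitelisted by something other than the saved DNSBL Whitelist, which narrows the search to files shipped with the package, as the last reply describes.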