blocked domain not by pfblocker
-
@scorpoin said in blocked domain not by pfblocker:
Any idea where else to look for this block.
Hi,
for me, this feed blocks (Adaway):
put it on a whitelist,.....- if you want, but not in vain it is blocked I think
+++edit:
-
Thanks for your prompt response , I've added it into white list and issue is resolved . But strange thing was I was unable to find it in logs :/ .
-
@scorpoin said in blocked domain not by pfblocker:
But strange thing was I was unable to find it in logs :/ .
Follow these steps as well:
- delete log files from, - /var/log/pfblockerng/*
- clear the dashboard counters with the trash icon
and "reload / all
-
@scorpoin said in blocked domain not by pfblocker:
I've added it into white list
....and you edited the title
-
-
@gertjan Now again same block issuewith
seal.verisign.com
and I've check in report then filter no use could not find it . I've checked all log files in /var/log/pfblocker/ as well , I could not find it there. Why this strange behavior am I missing some thing. Or it is kind of a bug or something.
Regards
-
@scorpoin said in blocked domain not by pfblocker:
Or it is kind of a bug or something.
Why wondering ?
All you need is a keyboard and type on your PC :
C:\Users\Gauche>nslookup seal.verisign.com Serveur : pfsense.brit-hotel-fumel.net Address: 2001:470:1f13:5c0:2::1 Réponse ne faisant pas autorité : Nom : e19.e2.akamaiedge.net Address: 96.7.226.30 Aliases: seal.verisign.com seal.verisign.com.edgekey.net
About pfBlockerNg : the "program" ; when you install it, it does nothing at all.
It actually starts when the admin start filling it up. The main question is : with what - what's in these list ??
If pfBlockerNG was blocking, you would see this :C:\Users\Gauche>nslookup seal.verisign.com Serveur : pfsense.brit-hotel-fumel.net Address: 2001:470:1f13:5c0:2::1 Nom : seal.verisign.com Address: 10.10.10.1
Note : that is, if 10.10.10.1 is the default pfBlockerNG web server and you kept related settings to default.
@scorpoin said in blocked domain not by pfblocker:
I've checked all log files in /var/log/pfblocker/ as well , I could not find it there
Look again : Firewall > pfBlockerNG > Log Browser and look at the dns_reply.log :
Btw : I'm using the newer Python mode - not the older Unbound mode.
This is checked :
And one sure thing : I'm using the resolver with (close to) default settings.
You are using pfBlockerNG-devel 3.0.0_8, right ?
-
@gertjan said in blocked domain not by pfblocker:
@scorpoin said in blocked domain not by pfblocker:
Or it is kind of a bug or something.
Why wondering ?
All you need is a keyboard and type on your PC :
C:\Users\Gauche>nslookup seal.verisign.com Serveur : pfsense.brit-hotel-fumel.net Address: 2001:470:1f13:5c0:2::1 Réponse ne faisant pas autorité : Nom : e19.e2.akamaiedge.net Address: 96.7.226.30 Aliases: seal.verisign.com seal.verisign.com.edgekey.net
About pfBlockerNg : the "program" ; when you install it, it does nothing at all.
It actually starts when the admin start filling it up. The main question is : with what - what's in these list ??
If pfBlockerNG was blocking, you would see this :C:\Users\Gauche>nslookup seal.verisign.com Serveur : pfsense.brit-hotel-fumel.net Address: 2001:470:1f13:5c0:2::1 Nom : seal.verisign.com Address: 10.10.10.1
Note : that is, if 10.10.10.1 is the default pfBlockerNG web server and you kept related settings to default.
@scorpoin said in blocked domain not by pfblocker:
I've checked all log files in /var/log/pfblocker/ as well , I could not find it there
Look again : Firewall > pfBlockerNG > Log Browser and look at the dns_reply.log :
Btw : I'm using the newer Python mode - not the older Unbound mode.
This is checked :
And one sure thing : I'm using the resolver with (close to) default settings.
You are using pfBlockerNG-devel 3.0.0_8, right ?
Yes you are right. is there any problem with that version?. I've added that URL into whitelist now waiting for an other surprise :D.
Regards
-
@scorpoin said in blocked domain not by pfblocker:
I've added that URL into whitelist
Or remove the feed that blocks a domain name like "verisign.com", as we would all agree that blocking Verisign would be plain stupid. Consider this feed as hacked.
Btw : IP's like 8.8.8.8 were recently seen on some IP lists. Although I can somewhat understand that one, you can image that that really hurts all those 'ignorants' that use 8.8.8.8 for dpinger Monitoring IP which is of course a big "don't do that". Now they know why.
-
@gertjan I agreed but issue is I was unable to find that in any list of feed thats strange , even I looked up logs files of pfblocker
fgrep "verisign" /var/log/pfblocker -R
nothing found so far
-
This post is deleted! -
Hmmmmmm
[2.4.5-RELEASE][root@pfsense.brit-hotel-fumel.net]/root: grep "verisign" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/unbound/pfb_dnsbl.conf /usr/local/pkg/pfblockerng/dnsbl_tld /var/db/pfblockerng/dnsblorig/MVPS.orig:0.0.0.0 verisignwildcard.112.2o7.net #[sitefinder.verisign.com] /var/db/pfblockerng/dnsblorig/OISD.orig:0.0.0.0 oracleverisign.com /var/db/pfblockerng/dnsblorig/OISD.orig:0.0.0.0 verisign.bfast.com /var/db/pfblockerng/dnsblorig/OISD.orig:0.0.0.0 verisign.tt.omtrdc.net /var/db/pfblockerng/dnsblorig/OISD.orig:0.0.0.0 verisignwildcard.112.2o7.net /var/db/pfblockerng/dnsblorig/OISD.orig:0.0.0.0 www.oracleverisign.com /var/db/pfblockerng/dnsblorig/SWC.orig:#127.0.0.1 sitefinder.verisign.com # Verisign has joined the game /var/db/pfblockerng/dnsblorig/SWC.orig:#127.0.0.1 sitefinder-idn.verisign.com # of trying to hijack mistyped /var/db/pfblockerng/dnsblorig/SWC.orig:127.0.0.1 verisignwildcard.112.2o7.net /var/db/pfblockerng/dnsblorig/oisd_nl.orig:verisign.bfast.com /var/db/pfblockerng/dnsblorig/oisd_nl.orig:verisign.tt.omtrdc.net /var/db/pfblockerng/dnsblorig/oisd_nl.orig:verisignwildcard.112.2o7.net
-
This post is deleted! -
This post is deleted! -
@gertjan well strange after moving to latested 3.0.0.8 pfblockerng-devel . Things have chagned .
nslookup facebook.com Server: pfSense.local.landomain Address: 172.16.159.254 Name: facebook.com Addresses: ::10.10.10.1 10.10.10.1
When accessing it via brower Im able to broser facebook , youtube etc. which have been blocked in older version :/ . Do I need any extra cnfig to make it work. I'm using unresolver as DNS should I disable it?
Stopping Unbound Resolver.............................. Additional mounts (DNSBL python): No changes required. Starting Unbound Resolver. DNSBL enabled FAIL *** Fix error(s) and a Force Reload required! *** ==================== [1610791470] unbound[39902:0] error: bind: address already in use [1610791470] unbound[39902:0] fatal error: could not open ports
Now revert back the setting to unbound from python.
Regards