DNSBL not creating firewall rules
-
@antonio-briguglio
Yes, I did that already.Quote: "I have tried enabling and disabling "Permit Firewall Rules" with "LAN" selected"
-
@fredmcfly Uninstall the pfblockerNg package and then reinstall it,
-
@fredmcfly https://www.tecmint.com/install-configure-pfblockerng-dns-black-listing-in-pfsense/
-
@antonio-briguglio
https://www.firewallhardware.it/pfblockng-filtraggio-domini-e-url/
configure as described in the two guides. A guide is in Italian but with screenshoots and easy to understand -
@antonio-briguglio
I have tried to use these, but only part of it applies because I am using pfBlockerNG-devel 3.0.0_15 and the instructions at those websites use pfBlockerNG 2.x Release. So a lot of the options are no longer in version 3.0.0_15. -
@antonio-briguglio
Yes, I reinstalled pflbockerng several times as well, in fact I even reinstalled pfSense from scratch. -
I even removed version 3.0 (Keep settings was not checked) and installed 2.1.4_25 and I still cannot block websites.
-
@fredmcfly DNSBL doesn't need any firewall rules, it is blocked in DNS.
-
@bob-dig
That makes sense. Didn't think about that. But then why aren't websites blocked? -
@fredmcfly said in DNSBL not creating firewall rules:
Websites that should be blocked do show up in the Reports->Alerts tab.
That is like it should be.
-
@bob-dig But I can still access the websites.
-
@fredmcfly Give an example with screenshot. It is working here.
Edit: Maybe your Browser is not using the pfSense DNS but something different, maybe even DoH. -
@bob-dig
So only some of the websites are being logged. But ones that aren't blocked are not logged. -
@fredmcfly said in DNSBL not creating firewall rules:
But ones that aren't blocked are not logged.
Which is again normal.
-
@bob-dig I agree that it is normal to have a log for a website that is blocked.
So any ideas why a website that is listed in the block list, fails to be blocked?
I have added rules to block DNS requests to the outside following this recipe.
Basically it blocks all outside DNS requests but allows requests to the local DNS Resolver.
-
@fredmcfly For example, you probably can't block DoH like this, so you have to check your browser settings.
Also post some screenshots what you have done and what is not working as expected. -
@bob-dig
OK, I checked the browser and it is not using DoH, see figure below or click on this link:
Here are my DNSBL settings:
DNSL Feeds
My blacklist feed settings:
When I do a force update, the feeds are downloaded and updated. Including my blacklist.
===[ DNSBL Domain/IP Counts ] =================================== 1221752 total 704572 /var/db/pfblockerng/dnsbl/Shallalist_porn.txt 150125 /var/db/pfblockerng/dnsbl/Maltrail_BD.txt 122595 /var/db/pfblockerng/dnsbl/C19_CTC.txt 97559 /var/db/pfblockerng/dnsbl/Shallalist_porn_v4.ip 29312 /var/db/pfblockerng/dnsbl/SFS_Toxic_BD.txt 28363 /var/db/pfblockerng/dnsbl/Shallalist_redirector.txt 14523 /var/db/pfblockerng/dnsbl/Shallalist_gamble.txt 14273 /var/db/pfblockerng/dnsbl/SWC.txt 10633 /var/db/pfblockerng/dnsbl/EasyList.txt 8449 /var/db/pfblockerng/dnsbl/Adaway.txt 6999 /var/db/pfblockerng/dnsbl/Spam404.txt 6827 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt 6612 /var/db/pfblockerng/dnsbl/Shallalist_anonvpn_v4.ip 6435 /var/db/pfblockerng/dnsbl/MVPS.txt 3034 /var/db/pfblockerng/dnsbl/Shallalist_dating.txt 2507 /var/db/pfblockerng/dnsbl/D_Me_ADs.txt 1985 /var/db/pfblockerng/dnsbl/Krisk_C19.txt 1951 /var/db/pfblockerng/dnsbl/Shallalist_models.txt 1464 /var/db/pfblockerng/dnsbl/Yoyo.txt 1180 /var/db/pfblockerng/dnsbl/Shallalist_redirector_v4.ip 1146 /var/db/pfblockerng/dnsbl/Shallalist_sex_lingerie.txt 482 /var/db/pfblockerng/dnsbl/myblacklist.txt 390 /var/db/pfblockerng/dnsbl/Shallalist_anonvpn.txt 158 /var/db/pfblockerng/dnsbl/Shallalist_sex_education.txt 98 /var/db/pfblockerng/dnsbl/Juniper_v4.ip 42 /var/db/pfblockerng/dnsbl/Shallalist_gamble_v4.ip 23 /var/db/pfblockerng/dnsbl/D_Me_Tracking.txt 6 /var/db/pfblockerng/dnsbl/Juniper.txt 5 /var/db/pfblockerng/dnsbl/myblacklist_v4.ip 2 /var/db/pfblockerng/dnsbl/EasyList_v4.ip 1 /var/db/pfblockerng/dnsbl/Shallalist_models_v4.ipIf I look at
myblacklist_v4.txtI find the following lines as expected:local-data: "redd.it 60 IN A 10.10.10.1" local-data: "reddit-com.poiu.icu 60 IN A 10.10.10.1" local-data: "reddit.com 60 IN A 10.10.10.1" local-data: "reddup.co 60 IN A 10.10.10.1"But if I enter
reddit.comin my browser, I can still access it and click on links. So the website is not cached in the browser and it is not blocked.pfSense says my DNS servers are as follows:
Any other information that may be helpful?
-
Here are my Firewall rules to block DNS request to ports 53 and 853, and to force DNS request to local:
-
DNS Resolver Settings:
-
So I did some experimenting and some websites in my list are indeed blocked, but other websites are not blocked even though they are listed in the file
/var/db/pfblockerng/dnsbl/myblacklist.txtI'm not sure why this is happening.
