Netgate Discussion Forum

    DNSBL not creating firewall rules

    Category: pfBlockerNG
    Tags: pfblockerng, dnsbl, firewall rules
    24 Posts 3 Posters 5.2k Views
    • Bob.DigB
      Bob.Dig LAYER 8 @FredMcfly
      last edited by Bob.Dig

      @fredmcfly Give an example with a screenshot. It is working here.
      Edit: Maybe your browser is not using the pfSense DNS but something different, maybe even DoH.

      • F
        FredMcfly @Bob.Dig
        last edited by

        @bob-dig
        So only some of the websites are being logged. But ones that aren't blocked are not logged.

        • Bob.DigB
          Bob.Dig LAYER 8 @FredMcfly
          last edited by Bob.Dig

          @fredmcfly said in DNSBL not creating firewall rules:

          But ones that aren't blocked are not logged.

          Which is again normal.

          • F
            FredMcfly @Bob.Dig
            last edited by

            @bob-dig I agree that it is normal to have a log for a website that is blocked.

            So any ideas why a website that is listed in the block list fails to be blocked?

            I have added rules to block DNS requests to the outside following this recipe.

            Basically it blocks all outside DNS requests but allows requests to the local DNS Resolver.

            • Bob.DigB
              Bob.Dig LAYER 8 @FredMcfly
              last edited by

              @fredmcfly For example, you probably can't block DoH like this, so you have to check your browser settings.
              Also post some screenshots of what you have done and what is not working as expected.

              • F
                FredMcfly @Bob.Dig
                last edited by FredMcfly

                @bob-dig
                OK, I checked the browser and it is not using DoH, see figure below or click on this link:

                566e662c-145a-4244-9eef-7c3654bb74fd-image.png

                Here are my DNSBL settings:
                b320abca-a7da-4171-9363-b345e0d88020-image.png

                08cc3792-6668-4746-bf68-715b6afdc029-image.png

                f91dd301-e4b9-4f29-b9de-a982cac28f42-image.png

                b952dee3-44f4-4a08-92a3-73883952b7cc-image.png

                DNSBL Feeds
                b19a9d5b-ff16-4090-9184-b72924d185d5-image.png

                My blacklist feed settings:
                d4126f2a-b598-4f0e-b49e-d48f1c02ada4-image.png
                e3198499-2a83-410c-941b-ef3a95801ce7-image.png

                When I do a force update, the feeds are downloaded and updated, including my blacklist.

                ===[ DNSBL Domain/IP Counts ] ===================================
                
                 1221752 total
                  704572 /var/db/pfblockerng/dnsbl/Shallalist_porn.txt
                  150125 /var/db/pfblockerng/dnsbl/Maltrail_BD.txt
                  122595 /var/db/pfblockerng/dnsbl/C19_CTC.txt
                   97559 /var/db/pfblockerng/dnsbl/Shallalist_porn_v4.ip
                   29312 /var/db/pfblockerng/dnsbl/SFS_Toxic_BD.txt
                   28363 /var/db/pfblockerng/dnsbl/Shallalist_redirector.txt
                   14523 /var/db/pfblockerng/dnsbl/Shallalist_gamble.txt
                   14273 /var/db/pfblockerng/dnsbl/SWC.txt
                   10633 /var/db/pfblockerng/dnsbl/EasyList.txt
                    8449 /var/db/pfblockerng/dnsbl/Adaway.txt
                    6999 /var/db/pfblockerng/dnsbl/Spam404.txt
                    6827 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
                    6612 /var/db/pfblockerng/dnsbl/Shallalist_anonvpn_v4.ip
                    6435 /var/db/pfblockerng/dnsbl/MVPS.txt
                    3034 /var/db/pfblockerng/dnsbl/Shallalist_dating.txt
                    2507 /var/db/pfblockerng/dnsbl/D_Me_ADs.txt
                    1985 /var/db/pfblockerng/dnsbl/Krisk_C19.txt
                    1951 /var/db/pfblockerng/dnsbl/Shallalist_models.txt
                    1464 /var/db/pfblockerng/dnsbl/Yoyo.txt
                    1180 /var/db/pfblockerng/dnsbl/Shallalist_redirector_v4.ip
                    1146 /var/db/pfblockerng/dnsbl/Shallalist_sex_lingerie.txt
                     482 /var/db/pfblockerng/dnsbl/myblacklist.txt
                     390 /var/db/pfblockerng/dnsbl/Shallalist_anonvpn.txt
                     158 /var/db/pfblockerng/dnsbl/Shallalist_sex_education.txt
                      98 /var/db/pfblockerng/dnsbl/Juniper_v4.ip
                      42 /var/db/pfblockerng/dnsbl/Shallalist_gamble_v4.ip
                      23 /var/db/pfblockerng/dnsbl/D_Me_Tracking.txt
                       6 /var/db/pfblockerng/dnsbl/Juniper.txt
                       5 /var/db/pfblockerng/dnsbl/myblacklist_v4.ip
                       2 /var/db/pfblockerng/dnsbl/EasyList_v4.ip
                       1 /var/db/pfblockerng/dnsbl/Shallalist_models_v4.ip
                

                If I look at myblacklist_v4.txt I find the following lines as expected:

                local-data: "redd.it 60 IN A 10.10.10.1"
                local-data: "reddit-com.poiu.icu 60 IN A 10.10.10.1"
                local-data: "reddit.com 60 IN A 10.10.10.1"
                local-data: "reddup.co 60 IN A 10.10.10.1"
                

                But if I enter reddit.com in my browser, I can still access it and click on links. So the website is not cached in the browser and it is not blocked.

                pfSense says my DNS servers are as follows:
                164e3b6d-307f-4eca-b950-a557c664cdc8-image.png

                Any other information that may be helpful?

                • F
                  FredMcfly @FredMcfly
                  last edited by

                  Here are my firewall rules to block DNS requests to ports 53 and 853, and to force DNS requests to local:
                  37e9164a-3d2b-4cef-aff0-8a826722cde3-image.png

                  • F
                    FredMcfly @FredMcfly
                    last edited by

                    DNS Resolver Settings:
                    d4bc73a9-abf2-4451-9999-5e6ed482254d-image.png
                    5480b739-dec2-42e6-a80b-2d71f1b03e8f-image.png
                    8c58c9a7-455e-4fab-b1f4-c15e706e0e48-image.png

                    • F
                      FredMcfly
                      last edited by

                      So I did some experimenting and some websites in my list are indeed blocked, but other websites are not blocked even though they are listed in the file /var/db/pfblockerng/dnsbl/myblacklist.txt.

                      I'm not sure why this is happening.

                      • Bob.DigB
                        Bob.Dig LAYER 8
                        last edited by Bob.Dig

                        I added reddit.com to the DNSBL Custom_List of malicious and it worked, after pfBlocker ran the usual update.
                        Also I didn't need any firewall rules for that, because it is all DNS based.

                        Capture.PNG

                        Edit: I tried your list, problem seems to be that reddit.com is blocked, but not www.reddit.com.

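As an added example (not code from the thread or from pfBlockerNG), the Python below models how Unbound answers a query against DNSBL local-data lines like the ones quoted earlier in the thread, and why an exact entry for reddit.com does not answer www.reddit.com unless that zone is also declared as a redirect local-zone. SAMPLE_DNSBL is constructed from the shape of the quoted lines, and the redirect handling follows Unbound's documented local-zone semantics rather than anything the poster's generated file is known to contain.

```python
import re

# Constructed sample in the same shape as the local-data lines quoted in the thread.
SAMPLE_DNSBL = """\
local-data: "redd.it 60 IN A 10.10.10.1"
local-data: "reddit-com.poiu.icu 60 IN A 10.10.10.1"
local-data: "reddit.com 60 IN A 10.10.10.1"
local-data: "reddup.co 60 IN A 10.10.10.1"
"""

LOCAL_DATA_RE = re.compile(r'^local-data:\s*"([^\s"]+)\s+\d+\s+IN\s+A\s+(\S+)"\s*$')
LOCAL_ZONE_RE = re.compile(r'^local-zone:\s*"([^"]+)"\s+(\w+)\s*$')


def parse_dnsbl(text):
    """Return (exact name -> sink IP dict, set of zones declared as 'redirect')."""
    exact, redirect_zones = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = LOCAL_DATA_RE.match(line)
        if m:
            exact[m.group(1).rstrip(".").lower()] = m.group(2)
            continue
        m = LOCAL_ZONE_RE.match(line)
        if m and m.group(2) == "redirect":
            redirect_zones.add(m.group(1).rstrip(".").lower())
    return exact, redirect_zones


def lookup(qname, exact, redirect_zones):
    """Sink IP if Unbound would answer from local data, else None (normal resolution)."""
    name = qname.rstrip(".").lower()
    if name in exact:            # an exact local-data entry only matches this one name
        return exact[name]
    # A 'redirect' local-zone answers the apex and every name below it with the
    # apex's local-data; without it, www.reddit.com falls through to the internet.
    labels = name.split(".")
    for i in range(1, len(labels)):
        apex = ".".join(labels[i:])
        if apex in redirect_zones and apex in exact:
            return exact[apex]
    return None
```

Run lookup on the name your browser actually asks for (usually the www host), not just the bare domain, before concluding that DNSBL is broken.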
                        • F
                          FredMcfly @Bob.Dig
                          last edited by

                          @bob-dig
                          I temporarily disabled my feed and added reddit.com and www.reddit.com to the DNSBL Custom_List and the website (and others) is still not blocked. (Yes, I did a force update all)

                          I have tried on different computers on the network and they can still access it.

                          I have also tried on three different browsers.

                          I am really confused why some sites are blocked while others are not.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.