Netgate Discussion Forum
    • sazanofS

      Captive portal & external DNS Server - not redirecting

      Captive Portal
      • captiveportal captive portal dns resolver dnsbl • • sazanof
      5
      0
      Votes
      5
      Posts
      659
      Views

      sazanofS

      @Gertjan

      Yes, it turns out a whole trip to the theater.😊
      Also, it turns out that the problem is solved, the solution (in my case) is found, published. Maybe it will help someone.

      Thank you very much!

      As for DNSBL - perhaps I will create a new topic.

    • motivioM

      Rest DNSBL Block Stats

      pfBlockerNG
      • pfblocker dnsbl stats • • motivio
      2
      0
      Votes
      2
      Posts
      967
      Views

      N

      @motivio said in Rest DNSBL Block Stats:

      Hi,
      How can I reset the "DNSBL Block Stats" of the pfBlockerNG?
      Thanks!

      There are two ways you can do this.

      Go to Firewall / pfBlockerNG and then click on Logs tab. In dropdown menu under Log/File selection select dnsbl.log and click on a trash can to remove.

      Go to Diagnostics / Command Prompt and type this into Execute Shell Command field: rm -rf /var/log/pfblockerng/dnsbl.log

      Click on the yellow execute button and that's it.

    • T

      Geoblocking the world except for home

      pfBlockerNG
      • geolocation rules dnsbl geoblocking • • TrigglePuff
      11
      0
      Votes
      11
      Posts
      1.5k
      Views

      NogBadTheBadN

      @steveits said in Geoblocking the world except for home:

      @nogbadthebad Since you showed "alias permit" just be aware that reportedly de-dupes across other permit or deny lists. There was a thread last year sometime where someone pointed out IPs were being removed. Alias Native will leave the lists unchanged.

      Cheers I've changed them :)

    • V

      DNSBL and WhatsApp calls not working

      pfBlockerNG
      • pfblockerng dnsbl • • valepe69
      3
      0
      Votes
      3
      Posts
      734
      Views

      V

      @bob-dig
      I tried to disable all lists but WA is still not working.
      And yes, no logging about the call blocks.
      So you disconnect from wifi every time you make or receive a call? I hope for a solution.

    • M

      pfBlockerNG DNSBL: NTP Service uses Virtual IP Address

      pfBlockerNG
      • pfblockerng dnsbl ntp virtual ip • • Marco 42
      8
      0
      Votes
      8
      Posts
      1.5k
      Views

      dennypageD

      @marco-42 Welcome

    • R

      DNS queries failing during DNSBL reload

      pfBlockerNG
      • unbound dnsbl pfblockerng dns • • rvjr
      2
      0
      Votes
      2
      Posts
      663
      Views

      S

      @rvjr On pfSense unbound generally restarts. See
      https://redmine.pfsense.org/issues/5413

    • R

      Unbound reload fails with large DNSBL feed

      pfBlockerNG
      • unbound dnsbl pfblockerng • • rvjr
      1
      0
      Votes
      1
      Posts
      395
      Views

      No one has replied

    • V

      DNSBL Stops DNS Service (Solved)

      Firewalling
      • pfblocker dnsbl dns resolver • • Visseroth
      15
      0
      Votes
      15
      Posts
      4.4k
      Views

      GertjanG

      @the-other said in DNSBL Stops DNS Service (Solved):

      pfblockerng_dev (do not know about the other one) does NOT reload a list from servers if there are no changes.
      It seems "smart" enough to recognize a change in the list.
      No changed list > no download (at least that's what the log says...)

      I hope so, I'm not so sure.

      File attributes, size, last modified time stamp etc are needed before the file gets downloaded again.
      But :
      /usr/local/pkg/pfblockerng/pfblockerng.inc line 3373 :

      if (($fhandle = @fopen("{$file_dwn}.raw", 'w')) !== FALSE) {

      The local destination file is opened for writing - so initial file size date etc are lost : CURL doesn't cache by itself : the file can only be re downloaded at this stage.

      Also :
      /usr/local/pkg/pfblockerng/pfblockerng.inc line 170 :

      CURLOPT_FRESH_CONNECT => true

      Now read Is there a way to tell curl to not use cache

      edit :
      I forgot something : most feeds are https://..... and default TLS web server caching is : no caching.
      So even if you, on the receiving side, are ok to receive a cached version, you still get the entire file again.

      Btw : less used download methods like rsync are version/date/time aware.

    • F

      DNSBL not creating firewall rules

      pfBlockerNG
      • pfblockerng dnsbl firewall rules • • FredMcfly
      24
      0
      Votes
      24
      Posts
      4.3k
      Views

      F

      @bob-dig
      I temporarily disabled my feed and added reddit.com and www.reddit.com to the DNSBL Custom_List and the website (and others) is still not blocked. (Yes, I did a force update all)

      I have tried on different computers on the network and they can still access it.

      I have also tried on three different browsers.

      I am really confused why some sites are blocked while others are not.

    • D

      Show dnsbl_default.php for https sites

      General pfSense Questions
      • pfblockerng pfsense dnsbl • • diegobph
      3
      0
      Votes
      3
      Posts
      1.2k
      Views

      stephenw10S

      Yup that^. You can't make that page work for https as long as you have any sort of sane security in your browser.

      Steve

    • J

      Apply pfBlockerNG DNSBL to one VLAN but not the LAN (or other VLAN)?

      pfBlockerNG
      • dnsbl vlan dns resolver • • J24
      4
      1
      Votes
      4
      Posts
      1.8k
      Views

      A

      @j24 I added a NAT rule that redirects the DNS requests from the VLAN to a known DNS e.g. 8.8.8.8. It's not the best solution; I hope someone can help us separate pfBlocker from the other VLANs.

    • T

      Pfblocker NAT rules.

      pfBlockerNG
      • pfblockerng dnsbl firewall rules nat • • tbr281
      2
      0
      Votes
      2
      Posts
      877
      Views

      K

      I'm having the same issue with pfBlocker and NAT rules. I have no issues adding white-list rules for my devices that are on a directly routed subnet. But trying to figure out how to handle an allow rule for an existing NAT rule is causing issues.

      Have you found any solution yourself as of yet?

    • S

      Can't get DNSBL to work

      pfBlockerNG
      • dnsbl unbound pfblockerng • • SteelCityColt
      6
      0
      Votes
      6
      Posts
      2.0k
      Views

      S

      Solved it guys, did some googling on that SSL error and found another post here:

      In
      /var/unbound

      Delete
      dnsbl_cert.pem
      unbound_control.key
      unbound_control.pem
      unbound_server.key
      unbound_server.pem

      Reboot and run force update/reload.

      DNSBL now up and running. Thanks for the help in diagnosing guys.

    • C

      PfBlockerNG Blocking Google Home

      pfBlockerNG
      • dnsbl pfblockerng blocking google home suricata • • ccigas
      5
      0
      Votes
      5
      Posts
      2.9k
      Views

      E

      I have the same problem but also my Google Home is blocking. I have added some IP addresses of Google but it has not helped me.

      Does anyone have a suggestion about that? I think I am not the only one who has this problem with Google services.

    • S

      DNSBL Auto whitelisting happing ?

      pfBlockerNG
      • whitelist dnsbl • • sesipod
      11
      0
      Votes
      11
      Posts
      1.9k
      Views

      L

      @jot thanks for the info. You are right. Though I do not understand why to force whitelist google and yandex subdomains which are used for ads - ads.google.com|adservices.google.com. I just can not block ads if I enable safesearch option

    • R

      pfblockerng

      pfBlockerNG
      • pfblockerng shallalist alias categories dnsbl • • riaanwest
      2
      0
      Votes
      2
      Posts
      1.1k
      Views

      RonpfSR

      @riaanwest said in pfblockerng:

      Basically making pfblockerng create an alias for each category referenced in shallalist so you can create manual firewall rules using those aliases pointing to let's say social networks?

      You can't use FW_Rules with DNSBL tables.

      DNSBL operates on the Domain Name space.

      Firewall rules operate on the IP space.

    • newyork10023N

      pfBlockerNG rule element modification and ordering

      pfBlockerNG
      • dnsbl whitelist rule ordering suspension pfblockerng • • newyork10023
      2
      0
      Votes
      2
      Posts
      1.1k
      Views

      BBcan177B

      @newyork10023 said in pfBlockerNG rule element modification and ordering:

      To begin, pfBlockerNG_devel 2.2.1_2 is awesome. Wow. Thanks.

      Thanks!

      Certain feeds are naughty. For example, adding RFC 1918 (Private Address Space), Multicast addresses, etc., etc., etc., is just BAD. Blocking possibly necessary system addresses, including multicast addresses, etc., is just NASTY. Adding a WhiteList is not going to fix this issue. These rule elements need to be culled from the list(s), and I mean permanently.

      By chance are you using Firehol Level1? That feed contains bogons and should not be used for Outbound blocking. You can also enable "Suppression" which will remove local/loopback addresses.

      A couple of feature suggestions for automatic rule insertion: use rule Separators to bind automatic rule insertion to specific places in the rules. (Indeed, one of my pet peeves is that automatic rules re-arrange Separator organization in seemingly random ways.). Another suggestion would be that automatic rule insertion should not re-arrange rule ordering AT ALL (after their initial placement). Subsequent rule updates should update rules IN PLACE. I like the possibility that Separators could be used to bind automatic rule insertion. But, disabling all automatic rule insertion needs to be an option for DNSBL.

      Firewall rule separators will be very difficult to implement with pfBlockerNG and auto rules...