PfBlockerNG v2.1 w/TLD
-
Hi there, I followed this guide, http://fredmerc.com/2016/07/15/pfsense-adblock-using-pfblockerng-guide/, a rather short setup. There is only DNSBL and no IPv4; is that new, or is this guide missing it? Thanks for any help.
Here are the original pfBlockerNG thread https://forum.pfsense.org/index.php?topic=86212.0
and the pfBlockerNG v2.0 w/DNSBL thread https://forum.pfsense.org/index.php?topic=102470
-
I am getting this error when I try to use the Spamhaus list in this thread.
===[ DNSBL Process ]================================================
[ EasywoElements ] exists.
[ SpamHouse_TLDS ] Downloading update .. 200 OK
Remote timestamp missing .
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
3 3 0 0 0 3
----------------------------------------------------------------------
[ DNSBL FAIL ] [ Skipping : SpamHouse_TLDS ]
[1470071701] unbound-checkconf[87654:0] error: error parsing local-data at 38 '(xmlhttp.readystate 60 IN A 10.10.10.1': Syntax error, could not parse the RR
[1470071701] unbound-checkconf[87654:0] error: Bad local-data RR (xmlhttp.readystate 60 IN A 10.10.10.1
[1470071701] unbound-checkconf[87654:0] fatal error: failed local-zone, local-data configuration
[ Malware_1month ] Downloading update [ 08/01/16 12:15:01 ] .. 200 OK
Remote timestamp missing .
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
1221 956 0 0 0 956
----------------------------------------------------------------------
[ Malware_1week ] Downloading update [ 08/01/16 12:15:04 ] .. 200 OK
Remote timestamp missing .
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
526 487 487 0 0 0
----------------------------------------------------------------------
[ Malware_1day ] Downloading update [ 08/01/16 12:15:05 ] .. 200 OK
Remote timestamp missing .
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
48 47 47 0 0 0
----------------------------------------------------------------------
[ Malware_1hour ] Downloading update .. 200 OK
Remote timestamp missing
No Domains Found
----------------------------------------
Assembling database... completed
Executing TLD
TLD analysis. completed
Finalizing TLD... completed
Original Matches Removed Final
6062 5530 1 6061
Validating database... completed [ 08/01/16 12:15:08 ]
Reloading Unbound.... completed
DNSBL update [ 6061 | PASSED ]... completed
-
Which Spamhaus URL are you using?
This https://www.spamhaus.org/statistics/tlds/ is just a web page, not a feed DNSBL can use. As for the H3X, only one is needed:
https://forum.pfsense.org/index.php?topic=115357.msg643896#msg643896
And do a Force Reload after making the modifications.
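Both problems in this exchange, a "feed" URL that is really an HTML page and a feed line such as `(xmlhttp.readystate` that unbound-checkconf rejects as a local-data RR, can be caught before Unbound is reloaded. The script below is an added example written for this thread, not pfBlockerNG's own code: it parses a feed body, rejects HTML and lines that are not hostnames, and renders the survivors as Unbound local-data lines in the `domain 60 IN A 10.10.10.1` shape seen in the log above. The sinkhole address and TTL are taken from that log line, the feed bodies are constructed samples, and the hosts-file style `0.0.0.0 domain` handling is an assumption about feed formats.

```python
"""Check a DNSBL feed body before it becomes Unbound local-data.

Added example for this thread (not pfBlockerNG's own code). It catches the two
problems discussed above: a "feed" URL that is really an HTML page, and feed
lines that are not hostnames, such as the '(xmlhttp.readystate' fragment that
made unbound-checkconf fail. Sinkhole IP and TTL mirror the log line in the
first post; the feed bodies are constructed samples.
"""
import re

SINKHOLE_IP = "10.10.10.1"   # DNSBL VIP as it appears in the thread's log
TTL = 60                     # TTL used in the same log line

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_hostname(name):
    """True for a syntactically valid hostname with at least two labels."""
    name = name.rstrip(".")
    if not name or len(name) > 253 or "." not in name:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def looks_like_html(body):
    """A domain feed never starts with an HTML document; a statistics web page does."""
    head = body.lstrip()[:512].lower()
    return head.startswith("<!doctype html") or "<html" in head


def parse_feed(body):
    """Split a feed body into (accepted hostnames, rejected raw lines).

    Accepts plain 'domain' lines and hosts-file style '0.0.0.0 domain' lines
    (an assumption about the feed formats in use); text after '#' is treated
    as a comment. Anything that does not parse as a hostname is rejected
    instead of being passed on to Unbound.
    """
    accepted, rejected = [], []
    if looks_like_html(body):
        return accepted, ["<HTML document, not a domain feed>"]
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        fields = line.split()
        if len(fields) == 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            candidate = fields[1]          # hosts-file style entry
        elif len(fields) == 1:
            candidate = fields[0]          # bare domain
        else:
            rejected.append(raw)
            continue
        if is_hostname(candidate):
            accepted.append(candidate.rstrip("."))
        else:
            rejected.append(raw)
    return accepted, rejected


def to_local_data(domains):
    """Render de-duplicated Unbound local-data lines in the shape the log shows."""
    out, seen = [], set()
    for domain in domains:
        if domain in seen:
            continue
        seen.add(domain)
        out.append(f'local-data: "{domain} {TTL} IN A {SINKHOLE_IP}"')
    return out


# Constructed sample inputs (not real feed contents).
FEED_OK = """# constructed sample feed
0.0.0.0 ads.example.net
tracker.example.org
(xmlhttp.readystate
malware.example.com
ads.example.net
"""
FEED_HTML = "<!DOCTYPE html><html><body>Spamhaus TLD statistics</body></html>"

if __name__ == "__main__":
    for label, body in (("feed", FEED_OK), ("web page", FEED_HTML)):
        ok, bad = parse_feed(body)
        print(f"{label}: {len(ok)} accepted, {len(bad)} rejected {bad}")
        for line in to_local_data(ok):
            print("  " + line)
```

Run it as-is to see the HTML sample rejected outright and the `(xmlhttp.readystate` line dropped from the otherwise good feed; the rejected list is what you would want to log, since a silently dropped line hides a broken upstream feed just as badly as a failed reload does.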
-
Which Spamhaus URL are you using?
This https://www.spamhaus.org/statistics/tlds/ is just a web page, not a feed DNSBL can use. As for the H3X, only one is needed:
https://forum.pfsense.org/index.php?topic=115357.msg643896#msg643896
And do a Force Reload after making the modifications.
Thank you.
I see my mistake now.
I was certain I had 2 feeds that contained data, but I must have misplaced it?
-
Read the first posts (or more ;)) of each of these threads:
pfBlockerNG
pfBlockerNG v2.0 w/DNSBL
pfBlockerNG v2.1 w/TLD
You will find some posts about IP and DNSBL feeds.
-
First of all thank you very much for your hard work and this awesome package!
I was just wondering, is it possible to somehow change the Rule Order setting to something like:
pfB_Pass/Match | pfB_Block/Reject | All other Rules | (original format)
so the first IP list would be the whitelist?
Right now I can't seem to figure out how to make a custom LAN IPv4 whitelist (Permit_Outbound) rule the first in the rule list of the LAN interface. If I manually move it first, the next list update puts it below the blocklists (Deny_Outbound) again. Right now only the default setting | pfB_Block/Reject | All other Rules | (Original format) is partly usable for me (the whitelist won't work), and all other rule order settings just mess up my original LAN rules.
I use Traffic Shaper queues in the floating rules, so I prefer not to move pfBlockerNG's rules in there too.
Is this somehow possible, or what am I missing? Thanks.
-
Which version are you using?
With pfBlockerNG 2.1.1_2 I have these choices.
And you can still use the Floating Rules; it won't affect the Traffic Shaper rules.
-
Which Spamhaus URL are you using?
This https://www.spamhaus.org/statistics/tlds/ is just a web page, not a feed DNSBL can use. As for the H3X, only one is needed:
https://forum.pfsense.org/index.php?topic=115357.msg643896#msg643896
And do a Force Reload after making the modifications.
Thank you.
I see my mistake now.
I was certain I had 2 feeds that contained data, but I must have misplaced it?
The https://www.spamhaus.org/statistics/tlds/ page can be useful to find TLDs to put in the TLD Blacklist.
-
There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:00
There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:11
There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:20
Check what is selected in this tab, as I had a similar problem and found that since the update, the inverse of what I had previously selected had been selected, causing over 1.5M IPs for this section and using up all the available memory.
Rob
-
When I try to add a new TLD Blacklist entry, i.e. "Google.com", I get the following error:
Clearing all DNSBL Feeds... completed
Executing TLD
Blocking full TLD/Sub-Domain(s)... |google.com| completed
TLD analysis completed
Finalizing TLD... head: 1: No such file or directory
tail: 1: No such file or directory
completed
Original Matches Removed Final
0 0 -1 1
Validating database... completed
DNSBL enabled FAIL - restoring Unbound conf
/var/unbound/pfb_dnsbl.conf:1: error: unknown keyword '.google.com'
/var/unbound/pfb_dnsbl.conf:1: error: unknown keyword '60'
read /var/unbound/unbound.tmp failed: 2 errors in configuration file
Any ideas why DNSBL is failing to add the TLD blacklist entries?
Thanks.
-
Do you have any DNSBL feeds defined and enabled?
I did put Google.com in the DNSBL TLD Blacklist, ran a Force Reload and things look ok.
This is the part of the pfBlockerNG log after the last DNSBL feed:
[ BBC_C2 ] Reload [ 08/08/16 15:25:16 ] . completed ..
----------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
332 332 331 0 0 1
----------------------------------------------------------------------
[ DNSBL_IP ] Updating aliastable [ 08/08/16 15:25:22 ]... no changes.
Total IP count = 280
------------------------------------------
Assembling database... completed
Executing TLD
Blocking full TLD/Sub-Domain(s)... |google.com| completed
TLD analysis...xxxxxxxxxxx completed
** TLD Domain count exceeded. [ 250000 ] All subsequent Domains listed as-is **
Finalizing TLD... completed
----------------------------------------
Original Matches Removed Final
----------------------------------------
1323464 87716 169286 1154178
-----------------------------------------
Validating database... completed [ 08/08/16 15:31:20 ]
Reloading Unbound.... completed
DNSBL update [ 1154178 | PASSED ]... completed [ 08/08/16 15:32:02 ]
------------------------------------------
===[ Continent Process ]============================================
-
Do you have any DNSBL feeds defined and enabled?
I did put Google.com in the DNSBL TLD Blacklist, ran a Force Reload and things look ok.
No, I only want to block a couple of domains and not use any DNSBL lists.
Must I have a DNSBL list for TLD to work?
-
Do you have any DNSBL feeds defined and enabled?
I did put Google.com in the DNSBL TLD Blacklist, ran a Force Reload and things look ok.
No, I only want to block a couple of domains and not use any DNSBL lists.
I solved the issue by creating a dummy feed, then inside the feed adding the "Custom Block List"; this seems to allow the domains to be blocked.
Is this the expected behaviour?
-
Well, maybe nobody tested a setup without any DNSBL feed. Using a Custom Block List does create a feed and seems to remove the issue.
-
Well, maybe nobody tested a setup without any DNSBL feed. Using a Custom Block List does create a feed and seems to remove the issue.
BBCan177 got back to me even though he was on vacation (thanks!).
Basically, create a dummy DNSBL feed and, in the bottom section called Custom Domains, add the subdomains there. This will block the domains correctly.
-
Hello BBcan177 and pfSense users,
Great work on pfBlockerNG. I have one question. I have the DNSBL listening port set to 8081, and when I type 10.10.10.1:8081 I get the gif image. Now when I try the DNSBL SSL listening port 8443, 10.10.10.1:8443, I get "the connection was reset". So it doesn't work.
I have been doing some reading on why I was getting the "googleads.g.doubleclick.net" error, and in one post someone talked about limiters causing problems. I don't have any limiters set up. I think it's because DNSBL SSL isn't working.
Anyone have an idea why DNSBL SSL isn't working for me?
Thanks
-
http://10.10.10.1:8443 returns a gif.
It should be https://10.10.10.1:443, but that doesn't return anything, and it doesn't log to dnsbl.log either.
-
I tried https://10.10.10.1:443 and it returned a gif, so that works. Anyone else have the Google Ads certificate popup? I get the popup in Safari, and in Firefox I see the error message where the ads used to be.
It would be nice to have just empty space without the error.
Thanks, Ronpfs, for your reply.
-
Do you have the URL that generates the errors, so I can reproduce it here?
-
I have been surfing the web to find one. Just because I'm trying, I am having a hard time.
This site did it once on my desktop but didn't do it on my phone.
https://www.instantssl.com/ssl-certificate-products/https.html