PfBlockerNG missing some ads…



  • Hey all, a quick, few questions…

    I've installed pfBlockerNG and have it working.. and for the most part it's been working great.
    As a test, I've been going to a few sites that I know have a bunch of ads and viewing them with:
    a) Ad Blocker Plus Chrome extesion enabled... and
    b) ABP disabled

    I'm hoping that the sites look the same because of pfBlockerNG.

    For the most part this is true... but I have found some exceptions, which is odd because ABP uses EasyList, as does pfBlockerNG.
    So shouldn't they both block the same thing?

    For example...    this page:  https://torrentz.eu/verified?f=movies

    If viewed in Chrome with ABP enabled, there are no ads.
    If you view the page with ABP disabled, but with pfBlockerNG running on the router some ads sneak through.. some rather obtrusive ones actually… right at the top of the page there's a row of boxes, each with some sexually motivated advertising in them.

    Why is this if both ABP and pfBlocker use EasyList?

    I've also added some more lists into pfBlockerNG that I found on iBlock-Lists.

    My next question is this:  if some ads DO sneak through, how can I manually block them?

    Thanks guys!


  • Moderator

    Keep in mind that DNSBL blocks via Domain name, while AD Blocking in a browser, removes elements on the page from loading.

    If you see an AD on a page, right-click on the element and select "Inspect" in the browser… This will open a window which will show the details about the particular element.

    I inspected the AD in question for the site you referenced, and its pulling an AD from "mg.mgid.com". According to my tests, its being blocked by the feed hpHosts:

    grep "mg.mgid.com" /var/db/pfblockerng/dnsbl/*
        /var/db/pfblockerng/dnsbl/hpHosts_ads.txt:local-data: "mg.mgid.com 60 IN A 10.10.10.1"

    However, the Frame where the AD was to be displayed is still showing, and DNSBL cannot remove that as it only can block the DNS resolution to the AD Domains. But the frame has a could not load image in it.

    IBlock lists are IP based, and are not that great to block ADs… Refer to other Feeds that are listed in the first few pages of this thread which are DNSBL based.

    Should you find a Domain that is not being blocked, you can add the Domain to a DNSBL CustomList to have it blocked.



  • Hey, thanks for your reply!

    So, I was adding feeds to the IPV4 tab.. and also making a custom list in there (of domain names).
    What's the difference whether I do it there, or in the DNSBL feeds area?

    Thanks for the digging on that particular ad… soon after I wrote that post I did some digging of my own and found the same offending domain.

    Question, if I use say, for example, "mgid.com" as a domain in a custom list.. would that also block "mg.mgid.com"?



  • So, I'm not entirely sure of the difference, but I've moved my IPV4 (tab) custom list over to a DNSBL feed custom list… and now it doesn't work.
    I just have a few domain names in there right now, just to test it (www.yahoo.com, etc... )

    But nothing is being blocked...I've looked through the settings a lot and it looks (to me) like everything is setup properly.

    I've posted a few screen shots of my settings below.. maybe someone can show me where I've gone wrong.
    I also force an update after I change any settings or add anything to my custom list.

    Oh also, on the Dashboard page in the pfBlocker widget, it shows my custom list, shows 2 for how many domains are in it.. but shows 0 for packets... after several attempts at going to the domains in that list. It also shows 0 for the Ads feed I setup.. however, it does show blocked packets for the EasyList.

    Have a look at the screen shots.

    Thanks!!

    ![2016-07-20 15_25_01-pfsense.myhouse - Firewall_ pfBlockerNG_ Edit_ DNSBL Feeds.png](/public/imported_attachments/1/2016-07-20 15_25_01-pfsense.myhouse - Firewall_ pfBlockerNG_ Edit_ DNSBL Feeds.png)
    ![2016-07-20 15_25_01-pfsense.myhouse - Firewall_ pfBlockerNG_ Edit_ DNSBL Feeds.png_thumb](/public/imported_attachments/1/2016-07-20 15_25_01-pfsense.myhouse - Firewall_ pfBlockerNG_ Edit_ DNSBL Feeds.png_thumb)
    ![2016-07-20 15_26_02-pfsense.myhouse - Firewall_ pfBlockerNG_ DNSBL.png](/public/imported_attachments/1/2016-07-20 15_26_02-pfsense.myhouse - Firewall_ pfBlockerNG_ DNSBL.png)
    ![2016-07-20 15_26_02-pfsense.myhouse - Firewall_ pfBlockerNG_ DNSBL.png_thumb](/public/imported_attachments/1/2016-07-20 15_26_02-pfsense.myhouse - Firewall_ pfBlockerNG_ DNSBL.png_thumb)
    ![2016-07-20 15_27_09-pfsense.myhouse - Firewall_ pfBlockerNG_ General.png](/public/imported_attachments/1/2016-07-20 15_27_09-pfsense.myhouse - Firewall_ pfBlockerNG_ General.png)
    ![2016-07-20 15_27_09-pfsense.myhouse - Firewall_ pfBlockerNG_ General.png_thumb](/public/imported_attachments/1/2016-07-20 15_27_09-pfsense.myhouse - Firewall_ pfBlockerNG_ General.png_thumb)
    ![2016-07-20 15_30_24-pfsense.myhouse - Status_ Dashboard.png](/public/imported_attachments/1/2016-07-20 15_30_24-pfsense.myhouse - Status_ Dashboard.png)
    ![2016-07-20 15_30_24-pfsense.myhouse - Status_ Dashboard.png_thumb](/public/imported_attachments/1/2016-07-20 15_30_24-pfsense.myhouse - Status_ Dashboard.png_thumb)



  • Sooooooooooooooo, I figured it out.

    The problem was (is) me.  pfBlocker was working as it should.

    The problem was that I have a few NAT / Firewall rules that pick off DNS requests from certain hosts on my LAN.
    These DNS requests are to be sent to a different DNS server…  a service that I use (GetFlix).  I know that I can use domain overrides within DNS Resolver, but I never could figure out how to send an entire hosts DNS requests using Resolver... so instead, I just use NAT rules to redirect them before they reach resolver.

    I usually only have my AppleTV and a few other streaming devices in an alias that this rule applies to... however, the desktop I was doing all this testing on (posts above) was in this alias as well.
    I was doing some testing the other day with the DNS requests being redirected aaaaaaaaaand forgot to take my desktop out of this alias.

    So I just took it out... retested... bam.  Works like a charm.

    Thanks for your help, much appreciated.