4. PfblockerNG 2.0.17 woes

PfblockerNG 2.0.17 woes

  • P

    Hello all,

    Since I upgraded to latest version of pfblockerNG and pfsense I noticed pfblockerNG no longer works as it should.

    First issue (to be confirmed it is):
    I am pretty sure I had several aliases under ipv4 and each alias had several lists.  Now I just noticed that all lists are grouped under a single alias and most of the lists have the same identifiers (or whatever the last column on the right is used for).  Since I am not 100% sure the lists were separated in multiple aliases I cannot confirm this as an issue but I wonder if this will work???

    Second issue:
    I am also using DNSBL, I managed to create several feeds each pointing to a text file stored on a remote server on LAN.  pfblockerNG does not report problems to retrieve these lists.  The issue is that in my lists I am using web adresses without the "www." part.  For example

    oracle.com
instagram.com
pinterest.com
virtualbox.com
dailymail.co.uk
liveleak.com
somalinet.com

    If I remember correctly, I had to truncate the "www." otherwise pfblockerNG wouldn't work with the adresses.  Anyways now, pfblockerNG blocks the sites, but if I add the "www." part in the browser's address bar, the website is no longer blocked by pfblockerNG.

    For example, in one feed I have "facebook.com".  If I enter "facebook.com" in a web browser, I get a blank page with a single white pixel at the center (I assume pfblockerNG works).  If I enter "www.facebook.com", it just loads no problem.  I confirm this is true for everything in my feeds.  I tried adding an entry such as "www.facebook.com" in my feed source, but I still can access the site.

    Third issue:
    There are a few sites in my DNSBL feeds that I can access although they are in my DNSBL feeds.  For example pinterest.com even if it is added in my feeds as "pinterest.com".

    I am not sure how to debug this or if this is due to misconfig or a corruption between upgrades??

    0
  • Moderator

    Ensure that you are using a unique Header/Label for each List in the IPv4 tab.

    DNSBL will block only the listed Domain, and not any Sub-Domains… So if www.example.com is listed, then that is what gets blocked, and not example.com (and vice-versa)....

    The new pending 2.1.1 version will have TLD feature which will allow for the blocking of the entire Domain/Sub-Domains...

    See this thread:
    https://forum.pfsense.org/index.php?topic=115357.0

    0
  • P

    BBCan177 you're quick to reply!!!  THanks!

    Yes I have modified the headers/labels (thats the name I was searching for…) to be unique ones.

    Is it just normal for me to find all my lists under a single Alias named "CustomBlockedLists"??  I really do not remember to have merged everything like that, unless I was drunk?  :o

    Looking forward to the TLD feature in pfblockerNG!!  This will save us from entering multiple domains, and simplify things...

    Thanks again!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy