Is this a problem? DNSBL



  • Sorry guys, I am a super noob in pfSense, and I just started using pfBlockerNG. While it does seem amazing, and I have added many lists (I have 8 gigs of RAM, so it shouldn't be an issue…?), I did see this error when I forced an update, and I am just not sure if this means something is wrong?

    http://pastebin.com/JXxGchpS

    Also, is there a centralized list of all DNSBL feeds? And I have read SO many times that it's better not to block the world but to allow only specific countries in. I fully support and understand that, but how exactly does one DO that?



  • Can you post the URL that you are using?  If you're using http://adblock.gjtech.net/?format=unix-hosts, I think the list is down and the pfBlockerNG updater is trying to read the page that does load.


  • Moderator

    Yes remove gjtech, that feed is dead…  The next version of pfBlockerNG will have a Feeds Management Tab, which will list the recommended IP/DNSBL feeds...

    In regards to blocking the world, what are you trying to accomplish? Do you have any open WAN ports?
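    The "dead feed" situation above (a feed URL that still answers, but with an HTML page instead of a hosts list) is something you can catch before it reaches the updater. The following is an added example, not pfBlockerNG's own code: a small checker for feeds in unix-hosts format that rejects an HTML body, rejects a feed that parses to (almost) nothing, and reports how many lines it could not parse. The two sample feeds and all thresholds are constructed for the example.

```python
"""Sanity-check a downloaded DNSBL feed (unix-hosts format) before loading it.
Added example; not part of pfBlockerNG. Sample feeds below are constructed."""
from __future__ import annotations
import re

# One unix-hosts line: sink address (0.0.0.0 or 127.0.0.1), whitespace, hostname.
HOSTS_LINE = re.compile(
    r"^(?:0\.0\.0\.0|127\.0\.0\.1)\s+"
    r"([a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*)\s*$",
    re.IGNORECASE,
)
# Names that legitimately appear in hosts files but are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}


def looks_like_html(body: str) -> bool:
    """A dead feed typically returns a landing or error page with HTTP 200."""
    head = body.lstrip()[:512].lower()
    return head.startswith("<!doctype html") or head.startswith("<html") or "<head" in head


def parse_unix_hosts(body: str) -> tuple[list[str], list[str]]:
    """Return (domains, rejected_raw_lines). Blank and comment lines are ignored."""
    domains, rejected = [], []
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop inline and full-line comments
        if not line:
            continue
        m = HOSTS_LINE.match(line)
        if not m:
            rejected.append(raw)
            continue
        name = m.group(1).lower()
        if name not in LOCAL_NAMES:
            domains.append(name)
    return domains, rejected


def check_feed(body: str, min_entries: int = 10, max_reject_ratio: float = 0.05) -> dict:
    """Decide whether a feed body is usable; thresholds are assumptions for the example."""
    if looks_like_html(body):
        return {"ok": False, "reason": "body is an HTML page, not a hosts file", "domains": []}
    domains, rejected = parse_unix_hosts(body)
    total = len(domains) + len(rejected)
    if len(domains) < min_entries:
        return {"ok": False, "reason": f"only {len(domains)} valid entries", "domains": domains}
    if total and len(rejected) / total > max_reject_ratio:
        return {"ok": False, "reason": f"{len(rejected)} of {total} lines unparsable", "domains": domains}
    return {"ok": True, "reason": "feed parsed", "domains": sorted(set(domains))}


# Constructed sample inputs (RFC 2606 example domains), not real feed content.
GOOD_FEED = (
    "# constructed sample feed\n"
    + "\n".join(f"0.0.0.0 ad{i}.example.net" for i in range(12))
    + "\n127.0.0.1 localhost\n"
    + "127.0.0.1 tracker.example.org  # inline comment\n"
)
DEAD_FEED = "<!DOCTYPE html>\n<html><head><title>Domain parked</title></head><body></body></html>\n"

if __name__ == "__main__":
    for label, body in (("good", GOOD_FEED), ("dead", DEAD_FEED)):
        r = check_feed(body)
        print(f"{label}: ok={r['ok']} ({r['reason']}), {len(r['domains'])} domains")
```

Run it against whatever your updater actually downloaded; a feed that fails the HTML check or the minimum-entry check is one to remove from the list rather than leave the updater retrying.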



  • @BBcan177:

    Yes remove gjtech, that feed is dead…  The next version of pfBlockerNG will have a Feeds Management Tab, which will list the recommended IP/DNSBL feeds...

    In regards to blocking the world, what are you trying to accomplish? Do you have any open WAN ports?

    Well, I do not have any manually opened ports, no. I am just trying to make it all as secure as possible, but I am new to it all. I think the question I am asking is, how do I make sure I block "all known bad" IPs from communicating with my network, inbound or outbound? I understand pfSense should be blocking "all bad" inbound traffic, but I want to make sure that if any computers on my network were to become infected, they at least wouldn't be able to phone home, etc.


  • Moderator

    By default, pfSense on the WAN is an implicit Deny… So it will block all "Unsolicited Traffic" by default... So if you open up any ports on the WAN then that is what you need to protect...

    The LAN can however, make requests outbound, and that sets a Firewall state entry, that allows the packets to follow back through the WAN (Inbound).

    You can start by blocking a few Countries in the TOP20 list, and define those as "Deny Outbound" and see how that goes... All blocked alerts are visible in the Alerts Tab... To bypass a GeoIP block, you will need to create a new "Permit Outbound" Whitelist Alias in the IPv4 tab, and add the IPs that you want to get to in the Customlist.

    You can also add other IP feeds to block known malicious IPs (IPv4/6) tab...



  • @BBcan177:

    By default, pfSense on the WAN is an implicit Deny… So it will block all "Unsolicited Traffic" by default... So if you open up any ports on the WAN then that is what you need to protect...

    The LAN can however, make requests outbound, and that sets a Firewall state entry, that allows the packets to follow back through the WAN (Inbound).

    You can start by blocking a few Countries in the TOP20 list, and define those as "Deny Outbound" and see how that goes... All blocked alerts are visible in the Alerts Tab... To bypass a GeoIP block, you will need to create a new "Permit Outbound" Whitelist Alias in the IPv4 tab, and add the IPs that you want to get to in the Customlist.

    You can also add other IP feeds to block known malicious IPs (IPv4/6) tab...

    Ok, one more question then. Currently I don't have any open ports, but that will most likely change once I get a FreeNAS server up and running. Say I open port 22 for SSH/SFTP access; how do I go about protecting that on the WAN?

    And thanks so much for the help! You rock man!!


  • Moderator

    Use the "Adv. Inbound Firewall Rule" settings to restrict those ports to the smallest subset of IPs that you can….
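    To make the two moderator answers concrete (the implicit WAN deny plus state entries for LAN-initiated traffic, the "Deny Outbound" GeoIP block with a "Permit Outbound" whitelist above it, and an inbound SSH rule restricted to a small source set), here is an added example that is not pfSense or pfBlockerNG code: a toy first-match rule evaluator with a state table. The aliases use RFC 5737 documentation ranges as stand-ins for a country block, a whitelisted host and an admin address; the rule names and the post-NAT destination address are assumptions for the example.

```python
"""Toy model of the rule order discussed above: an ordered first-match rule list plus
a state table. Added example, not pf or pfSense; aliases below are constructed."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrives on: "lan" or "wan"
    src: str
    sport: int
    dst: str            # shown post-NAT for inbound packets, to keep the model short
    dport: int
    syn: bool = True    # True = new connection attempt, False = reply traffic


@dataclass
class Rule:
    name: str
    iface: str
    action: str                                          # "pass" or "block"
    src_nets: list[str] = field(default_factory=list)    # empty means "any"
    dst_nets: list[str] = field(default_factory=list)
    dports: set[int] = field(default_factory=set)        # empty means "any"


def _in(addr: str, nets: list[str]) -> bool:
    return not nets or any(ipaddress.ip_address(addr) in ipaddress.ip_network(n) for n in nets)


class Firewall:
    def __init__(self, rules: list[Rule]):
        self.rules = rules
        self.states: set[tuple] = set()   # (src, sport, dst, dport) of flows already passed

    def evaluate(self, p: Packet) -> str:
        # Reply packets belonging to an existing state pass without consulting the rules.
        if not p.syn and (p.dst, p.dport, p.src, p.sport) in self.states:
            return "pass:state"
        # Otherwise the first matching rule wins, in list order.
        for r in self.rules:
            if (r.iface == p.iface and _in(p.src, r.src_nets) and _in(p.dst, r.dst_nets)
                    and (not r.dports or p.dport in r.dports)):
                if r.action == "pass":
                    self.states.add((p.src, p.sport, p.dst, p.dport))
                return f"{r.action}:{r.name}"
        # Defaults: LAN may initiate outbound and gets a state; WAN is an implicit deny.
        if p.iface == "lan":
            self.states.add((p.src, p.sport, p.dst, p.dport))
            return "pass:default-lan"
        return "block:implicit-deny"


# Constructed aliases (RFC 5737 ranges); stand-ins, not real GeoIP or feed data.
GEO_BLOCK = ["203.0.113.0/24"]      # pretend this is one TOP20 country's address space
WHITELIST = ["203.0.113.10/32"]     # a host inside that country you still need to reach
ADMIN_SRC = ["198.51.100.5/32"]     # the only address allowed to reach SSH on the WAN


def build_firewall(whitelist_first: bool = True) -> Firewall:
    permit = Rule("pfB_Whitelist_out", "lan", "pass", dst_nets=WHITELIST)
    deny = Rule("pfB_GeoBlock_out", "lan", "block", dst_nets=GEO_BLOCK)
    ssh_in = Rule("pfB_SSH_in", "wan", "pass", src_nets=ADMIN_SRC, dports={22})
    outbound = [permit, deny] if whitelist_first else [deny, permit]
    return Firewall(outbound + [ssh_in])


def demo() -> dict[str, str]:
    fw = build_firewall()
    out = {}
    out["whitelisted"] = fw.evaluate(Packet("lan", "192.168.1.10", 51000, "203.0.113.10", 443))
    out["geoblocked"] = fw.evaluate(Packet("lan", "192.168.1.10", 51001, "203.0.113.20", 443))
    out["normal_out"] = fw.evaluate(Packet("lan", "192.168.1.10", 51002, "192.0.2.44", 443))
    out["reply_in"] = fw.evaluate(Packet("wan", "192.0.2.44", 443, "192.168.1.10", 51002, syn=False))
    out["unsolicited"] = fw.evaluate(Packet("wan", "192.0.2.99", 40000, "192.168.1.10", 22))
    out["admin_ssh"] = fw.evaluate(Packet("wan", "198.51.100.5", 40001, "192.168.1.10", 22))
    out["stranger_ssh"] = fw.evaluate(Packet("wan", "203.0.113.20", 40002, "192.168.1.10", 22))
    # Same whitelist, but ordered below the GeoIP deny: it never gets a chance to match.
    wrong = build_firewall(whitelist_first=False)
    out["whitelist_below_deny"] = wrong.evaluate(Packet("lan", "192.168.1.10", 51003, "203.0.113.10", 443))
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:>22}: {verdict}")
```

The last case is the one to remember when you add the "Permit Outbound" alias: a whitelist only helps if it is evaluated before the deny, and a "stranger" hitting port 22 from outside the admin range never reaches the pass rule, so it lands on the implicit deny exactly as the moderator describes.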