Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Whitelist doesn't stay whitelisted

    Scheduled Pinned Locked Moved
    pfBlockerNG
    4
    9
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Apathia
      last edited by

      With PFblockerNG activated, twitch.tv streams don't start. What I did to whitelist it, was go into the ipv4 section, Added a new list, kept pretty much everthing default except the names and List Action is set to permit both, then added twitch.tv to the IPv4 Custom list. I then saved it and updated PFblockerNG and twitch.tv streams work, until a while later when they stop working again.

      Am I doing something wrong?

      1 Reply Last reply Reply Quote 0
      • RonpfSR
        RonpfS
        last edited by

        So what is blocked ?
        The IP of twitch.tv or the Domain name "twitch.tv" ?

        In the pfblockerNG Alerts tab you can see what is blocked :
        IP are blocked under Deny - Last xxx Alert Entries
        while Domains are blocked under DNSBL - Last xx Alert Entries

        If there is a "+" icon, you can suppress it from the Alert tabs.
        Remember to click on the InfoBlock icon on any pfBlockerNG page to get additional information about configuration/usage.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • A
          Apathia
          last edited by

          Turns out it's the IP for the twitch video which uses a separate domain (video-edge-4995f0.iad02.hls.ttvnw.net is the whole url), and I've already added ttvnw.net to the whitelist, but it's still being blocked after a while.

          Does this mean I have to whitelist the entire 192.16.64.0/21 IP range that's being blocked?

          1 Reply Last reply Reply Quote 0
          • RonpfSR
            RonpfS
            last edited by

            Maybe you could use the ASN AS46489 of Twitch TV to create a pass alias.

            https://www.ultratools.com/tools/asnInfoResult?domainName=192.16.70.22

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

            1 Reply Last reply Reply Quote 0
            • A
              Apathia
              last edited by

              That unfortunately didn't work, but just to make sure I'm doing it correctly, I use "AS46489" instead of "twitch.tv" in the IPv4 Custom list section?

              Whitelisting the entire IP range does work though, but I don't think it's a good idea to keep it like that is it?

              screencapture-10-10-10-1-pkg_edit-php-1483801839850.png
              screencapture-10-10-10-1-pkg_edit-php-1483801839850.png_thumb

              1 Reply Last reply Reply Quote 0
              • C
                chrcoluk
                last edited by

                what list blocked twitch?

                pfSense CE 2.7.2

                1 Reply Last reply Reply Quote 0
                • A
                  Apathia
                  last edited by

                  http://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=gz

                  Not sure which guide I used to add it. There was a script that added 3 levels plus 12 individual groups. This was in the Ads section.

                  Edit: https://forum.pfsense.org/index.php?topic=118424.0

                  1 Reply Last reply Reply Quote 0
                  • RonpfSR
                    RonpfS
                    last edited by

                    Iblocklist are to be avoided, most are stale, looking at http://iplists.firehol.org/?ipset=iblocklist_ads it has not been updated since Sept 2015.

                    Under IPv4 Source Definitions :
                     Click here for Guidelines –->
                    You will see

                    Whois:    Domain name or AS (ie: facebook.com or AS32934)

                    2.4.5-RELEASE-p1 (amd64)
                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                    1 Reply Last reply Reply Quote 0
                    • P
                      pfsensory
                      last edited by

                      Any suggestions as to which lists would be better to use?

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post