Small Typo on Firewall / pfBlockerNG / DNSBL (Need help to clarify)


  • There is a small typo on the page:

    Firewall / pfBlockerNG / DNSBL

    In the section:
    DNSBL Configuration

    The entry:
    DNSBL Virtual IP

    Example ( 10.10.10.1 )
    Enter a single IPv4 VIP address that is RFC1918 Compliant.

    This address should be in an Isolated Range than what is used in your Network.
    Rejected DNS Requests will be forwarded to this VIP (Virtual IP)
    RFC1918 Compliant - (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)

    and I'm not sure how to read this.

    Should this read

    This address should be in an Isolated Range other than what is used in your Network.

    So if I have interfaces in the 192.168.x.0/24 and a VPN that comes up somewhere in 10.x.x.x (changes and is not under my control).

    Do I need to pick something like 172.16.1.1 or is 192.168.111.1 OK (I'm not using this 192.168.111.0/24) or does it matter?
    Will any single unused RFC1918 IP do the job?

  • Moderator

    Thanks, will fix that in the next release to make it clearer… But yes, DNSBL VIP needs to be in an unused Network range.


  • Thanks for the reply BBcan177.  How about something like this:

    This can be any RFC1918 address not used anywhere in your Network.
    Rejected DNS Requests will be forwarded to this VIP (Virtual IP)
    RFC1918 Compliant - (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)

    Is this accurate?

    If I understand correctly, all that is needed is a single unused address.  It doesn't matter what address / what range, as long as it doesn't get used for anything.

    Does pfBlockerNG use this address for anything, or is it just a dead address that won't deliver any content?

  • Moderator

    Yes it needs to be in an unused network range, and is used to host the DNSBL Webserver…
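
An added example, not part of the original thread and not pfBlockerNG code: a Python check of a candidate DNSBL VIP against the rule discussed above (a single IPv4 address, RFC1918, outside every network in use). The function name, the sample networks and the /24 treated as the range to keep free around the candidate are assumptions of this example.

```python
import ipaddress

# The three RFC1918 blocks quoted in the DNSBL Virtual IP help text.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_dnsbl_vip(candidate, used_networks, isolation_prefix=24):
    """Return a list of problems with a candidate VIP; an empty list means OK.

    isolation_prefix is an assumption of this example: the range around the
    VIP that must not overlap anything in use (here a /24).
    """
    try:
        vip = ipaddress.IPv4Address(candidate)
    except ipaddress.AddressValueError:
        return [f"{candidate!r} is not a single IPv4 address"]

    problems = []
    if not any(vip in block for block in RFC1918):
        problems.append(f"{vip} is not in an RFC1918 block")

    # Range the VIP would sit in, e.g. 192.168.111.1 -> 192.168.111.0/24.
    vip_range = ipaddress.ip_network(f"{vip}/{isolation_prefix}", strict=False)
    for net in used_networks:
        net = ipaddress.ip_network(net, strict=False)
        if vip_range.overlaps(net):
            problems.append(f"{vip_range} overlaps in-use network {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample: two LAN interfaces, plus a VPN whose subnet changes
    # inside 10.x.x.x, so the whole 10.0.0.0/8 block is treated as in use.
    used = ["192.168.1.0/24", "192.168.20.0/24", "10.0.0.0/8"]
    for cand in ("10.10.10.1", "172.16.1.1", "192.168.111.1", "8.8.8.8"):
        result = check_dnsbl_vip(cand, used)
        print(cand, "->", "OK" if not result else "; ".join(result))
```

Listing the whole 10.0.0.0/8 block as in use is how the example handles a VPN range that is not under the administrator's control.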