DNSBL Certificate errors
-
@bbcan177 said in DNSBL Certificate errors:
Next release will have functionality to force "0.0.0.0" for a DNSBL group to avoid this issue....
Hi @BBcan177,
I just did an update of pfBlocker to 2.1.4_8 and noticed I had the CA cert errors again on my devices.
Then I remembered this topic, and that I have to edit the /usr/local/pkg/pfblockerng/pfblockerng.inc file to remove the 'pass' statement there to make my other blocking rules for the https redirected sites to pfblockerng work, so the devices will have no warning about the untrusted root certificate.
I was wondering if the 0.0.0.0 option you mentioned has made it / will make it into one of the upcoming releases?
-
@heman said in DNSBL Certificate errors:
I was wondering if the 0.0.0.0 option you mentioned has made it / will make it into one of the upcoming releases?
Yes this is in the pfBlockerNG-devel version already...
-
Hello,
I am new to pfBlockerNG.
I have a problem with the pfBlockerNG settings.
I installed pfBlockerNG-devel 2.2.5_11.
My problem is with https:// pages and certificates.
I want to block social networks with DNSBL.
When I try to access Facebook, I get SSL CA errors.
How do I set it to get dnsbl_default.php?
Thanks.
-
@bbcan177 said in DNSBL Certificate errors:
@heman said in DNSBL Certificate errors:
I was wondering if the 0.0.0.0 option you mentioned has made it / will make it into one of the upcoming releases?
Yes this is in the pfBlockerNG-devel version already...
I too, am running the latest pfBlockerNG-devel version and still seeing the DNSBL Certificate errors. I thought this was supposed to have been fixed in the devel version. Is there something else that we need to do manually to stop these errors?
This is the only nuisance type complaint that I have with the new pfBlockerNG-devel addon. I am a little disappointed that this error is still occurring as I thought that it was supposed to be fixed. If we need to manually do something, please let us, the users, know what to do.
Again thanks for a great new version of pfBlockerNG.
-
@jdeloach said in DNSBL Certificate errors:
I too, am running the latest pfBlockerNG-devel version and still seeing the DNSBL Certificate errors. I thought this was supposed to have been fixed in the devel version. Is there something else that we need to do manually to stop these errors?
This is the only nuisance type complaint that I have with the new pfBlockerNG-devel addon. I am a little disappointed that this error is still occurring as I thought that it was supposed to be fixed. If we need to manually do something, please let us, the users, know what to do.
Again thanks for a great new version of pfBlockerNG.
Thanks!
It's already in pfBlockerNG-devel... You just have to do a few steps. I posted here and elsewhere:
https://forum.netgate.com/topic/133055/dnsbl-modify-default-bloked-webpage/12
When you null route those domains to 0.0.0.0 it won't do any logging, so you only want to do that for the domains that are causing the Certificate issues over HTTPS... Probably just a handful...
-
I have disabled logging for Facebook in DNSBL Feeds.
Now when I do nslookup www.facebook.com I get address: 0.0.0.0 and the Firefox error that the page does not exist.
How can I redirect to the block page (dnsbl_default.php)?
Thanks.
-
@darkopopo said in DNSBL Certificate errors:
I have disabled logging for Facebook in DNSBL Feeds.
Now when I do nslookup www.facebook.com I get address: 0.0.0.0 and the Firefox error that the page does not exist.
How can I redirect to the block page (dnsbl_default.php)?
You can't... when you null route to 0.0.0.0 it doesn't do any logging, and hence no certificate errors... Next versions will leverage the python integration of Unbound which will allow for more integration, such as improved logging for null routing and logging of all permitted DNS requests but that is a ways off...