Netgate Discussion Forum

    Firewall blocks everything, or let's everything through

    Category: pfBlockerNG
    3 Posts 3 Posters 693 Views
    jdcnosse

      I've tried a couple of times to get pfBlockerNG to work… Gone through the whole setup process following a couple of different tutorials (download the package, make sure DNS forwarder is off, DNS resolver is on, enable DNSBL within pfBlocker, add some DNS lists (tried adding IPv4 lists too), enable pfBlocker, update pfBlocker, etc.).

      The first time I got it set up I couldn't figure out why the clients were bypassing the pfsense box and going straight out to the DNS servers set on the general setup page.

      Second time, I got it set up but it blocked nearly everything (I got this page, http://sleepyti.me, to go through, but that was it).

      I'm a little disappointed right now because it seems pretty straightforward and yet I can't seem to get it correct...

      BBcan177 (Moderator)

        Ensure that your LAN devices have their DNS settings set to pfSense for DNS resolution/DNSBL to take effect… For DNSBL, you have to add those feeds to the DNSBL tab… The IPv4 tab is only for IP-based feeds…

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        Velcro

          I struggled with pfBlocker setup as well, but I have it blocking now… BBcan177 had some great tips. I'll share what I can; open to feedback if I have done some things wrong myself:

          1. Make sure you can navigate to 10.10.10.1-pixel… this was a little confusing, but it's a blank page (no pixels I could see on the page!). I had to add a rule on my interface to allow access to 127.0.0.1

          2. Some of the lists I use in DNSBL are:
            https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2
            https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
            http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
            http://osint.bambenekconsulting.com/feeds/dga-feed.gz
            http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

          3. Some of the lists I use in the IPv4 tab:
            http://cinsscore.com/list/ci-badguys.txt
            https://zeustracker.abuse.ch/blocklist.php?download=badips

          4. In the general settings I only use my internal interfaces i.e. I don't run it on my WAN or VPN

          5. Don't turn on GeoIP quite yet, and be selective; as an example, I originally blocked Brazil but it prevented me from downloading some SNORT rules (the servers are in Brazil)

          While my pfBlocker is working I still have some questions/concerns I am trying to address; see my outstanding post here (which also gets into my DNS resolver settings):
          https://forum.pfsense.org/index.php?topic=135363.0

          While I don't think it's perfect, it might help get you going... good luck. Hang in there...


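Steps 2 and 3 of Velcro's post are where the feed formats matter: DNSBL feeds are domain lists (plain, or hosts-file style), IP lists belong in the IPv4 tab, and DNSBL works by having the resolver answer listed names with the 10.10.10.1 VIP. The following is an added example, not pfBlockerNG's own code, showing how such feeds can be normalised into Unbound redirect entries; the sample feed is constructed and the Unbound output format is assumed for illustration.

```python
import re

# Constructed sample mixing the formats DNSBL feeds use: hosts-file style,
# plain one-domain-per-line, comments, blank lines and junk. Not a real feed.
SAMPLE_FEED = """\
0.0.0.0 ads.example.com
127.0.0.1  tracker.example.net   # trailing comment
ads.example.com
Malware.Example.ORG
not a domain!
192.0.2.10
"""

DNSBL_VIP = "10.10.10.1"  # the DNSBL virtual IP mentioned in the thread
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def is_valid_hostname(name: str) -> bool:
    """True for a syntactically valid hostname. A numeric last label (an IPv4
    literal) is rejected: IP entries belong in the IPv4 tab, not in DNSBL."""
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and not labels[-1].isdigit()
            and all(_LABEL.match(l) for l in labels))

def parse_feed(text: str) -> list[str]:
    """Return unique lowercase domains from a feed, preserving first-seen order."""
    seen, out = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("0.0.0.0", "127.0.0.1", "::1"):
            candidate = parts[1]  # hosts-file format: sink address then domain
        elif len(parts) == 1:
            candidate = parts[0]  # plain domain list
        else:
            continue  # malformed line: skip it rather than block the wrong name
        domain = candidate.lower().rstrip(".")
        if is_valid_hostname(domain) and domain not in seen:
            seen.add(domain)
            out.append(domain)
    return out

def to_unbound_local_data(domains, vip=DNSBL_VIP):
    """Render Unbound redirect-zone lines answering each domain with the VIP.
    Format assumed for illustration; pfBlockerNG's own include file may differ."""
    return [line for d in domains for line in
            (f'local-zone: "{d}" redirect', f'local-data: "{d} A {vip}"')]
```

Running `to_unbound_local_data(parse_feed(SAMPLE_FEED))` yields two lines per surviving domain; the duplicate, the junk line and the bare IP are dropped, which is the kind of feed hygiene that keeps a DNSBL from blocking far more than intended.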
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.