pfBlockerNG not blocking sites on certain hosts on my LAN



  • Hello, pfBlockerNG is a great product and works well; however, there are two hosts that I know of, maybe more, that do not seem to be affected by the blocking of lists on my LAN. My HTPC and my laptop are able to get to sites that I don't want them to, and they are not blocking things like telemetry to these computers. I know from reading previous posts that I need to provide some files. Please let me know what those are and what, if anything, I should remove / mask to keep it private. Thanks



  • For DNSBL to function, each device has to use the pfSense/pfBlockerNG DNS resolver.

    Check the device DNS configuration and make sure they are configured to use the pfSense/pfBlockerNG IP.

    You may also configure the pfSense DHCP server to provide the correct pfSense DNS server IP to the devices using DHCP.



  • Thanks, I kind of wondered that, so I checked. I have an AD environment at home, so I have my devices point to my AD server, and then my AD server is configured to forward DNS to the pfSense device… is that what you mean? These two hosts are also part of another rule that only allows them access to my pfSense management IP. I wonder if they are conflicting with the pfBlocker rules. I have disabled the management rule and it doesn't seem to help. I have bolded my concern in the log. Thanks


    Running Force Update Task

    UPDATE PROCESS START [ 10/22/17 08:26:55 ]

    ===[  DNSBL Process  ]================================================
    Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding

    [ easylist ] Downloading update .. 200 OK.
      –--------------------------------------------------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      9364    8840      0          0          0          8840               
      ----------------------------------------------------------------------
      IP count=37

    [ easylistprivacy ] Downloading update [ 10/22/17 08:26:59 ] .. 200 OK.
      –--------------------------------------------------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      3015    2992      30        0          0          2962               
      ----------------------------------------------------------------------
      IP count=15

    [ youtube ] Downloading update [ 10/22/17 08:27:01 ] .. 200 OK
      Remote timestamp missing

    Terminated - Easylists can not be used.

    No Domains Found

    [ malware ] Downloading update .. 200 OK.
      –--------------------------------------------------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      20511    20511      8          0          0          20503               
      ----------------------------------------------------------------------

    [ adservers ] Downloading update [ 10/22/17 08:27:07 ] .. 200 OK.
      –--------------------------------------------------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      48095    48092      1357      0          0          46735               
      ----------------------------------------------------------------------

    [ yoyolists ] Downloading update [ 10/22/17 08:27:18 ] .. 200 OK.
      –--------------------------------------------------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      2466    2466      1483      0          0          983                 
      ----------------------------------------------------------------------

    [ adaway ] Downloading update [ 10/22/17 08:27:19 ] .. 200 OK.
      –--------------------------------------------------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      409      409        282        0          0          127                 
      ----------------------------------------------------------------------

    [ sysctl ] Downloading update [ 10/22/17 08:27:21 ] .. 200 OK.
      –--------------------------------------------------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      20629    20629      5817      0          0          14812               
      ----------------------------------------------------------------------

    [ ADult ] Downloading update [ 10/22/17 08:27:31 ] .. 200 OK
      Remote timestamp missing .
      Whitelist: localhost.localdomain|
      –-------------------------------------
    –-----------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      50544    50544      17082      1          0          33461               
      ----------------------------------------------------------------------

    [ Adult_custom ] Downloading update [ 10/22/17 08:27:41 ].
      –--------------------------------------------------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      2        2          1          0          0          1                   
      ----------------------------------------------------------------------

    [ BlockWindowsTelemetry_custom ] Downloading update [ 10/22/17 08:27:43 ].
      –--------------------------------------------------------------------
      Orig.    Unique    # Dups    # White    # Alexa    Final               
      ----------------------------------------------------------------------
      110      105        68        0          0          37                 
      ----------------------------------------------------------------------

    [ DNSBL_IP ] Updating aliastable [ 10/22/17 08:27:44 ]…
      no changes.
      Total IP count = 52


    Assembling database... completed
    Validating database... completed [ 10/22/17 08:27:53 ]
    Reloading Unbound…. completed
    DNSBL update [ 128461 | PASSED  ]… completed [ 10/22/17 08:27:59 ]
    –----------------------------------------

    ===[  Continent Process  ]============================================

    ===[  IPv4 Process  ]=================================================

    [ list1 ] Downloading update [ 10/22/17 08:28:00 ] .. 200 OK. completed ..

    Aggregation Stats:
      –----------------
      Original Final     
      ------------------
      5602    5541     
      ------------------
      ------------------------------
      Original Master    Final   
      ------------------------------
      5602    5541      5541        [ Pass ]
      –---------------------------------------------------------------

    [ list2 ] Downloading update [ 10/22/17 08:28:03 ] .. 200 OK. completed ..

    Aggregation Stats:
      –----------------
      Original Final     
      ------------------
      2027    1980     
      ------------------
      ------------------------------
      Original Master    Final   
      ------------------------------
      2027    1979      1979        [ Pass ]
      –---------------------------------------------------------------

    [ list3 ] Downloading update [ 10/22/17 08:28:04 ] .. 200 OK. completed ..

    Aggregation Stats:
      –----------------
      Original Final     
      ------------------
      1970    1961     
      ------------------
      ------------------------------
      Original Master    Final   
      ------------------------------
      1970    1352      1352        [ Pass ]
      –---------------------------------------------------------------

    [ list4 ] Downloading update [ 10/22/17 08:28:05 ] .. 200 OK
      Remote timestamp missing . completed ..

    Aggregation Stats:
      –----------------
      Original Final     
      ------------------
      31561    31243     
      ------------------
      ------------------------------
      Original Master    Final   
      ------------------------------
      31561    27522      27522      [ Pass ]
      –---------------------------------------------------------------

    ===[  IPv6 Process  ]=================================================

    ===[  Aliastables / Rules  ]================================

    Firewall rule changes found, applying Filter Reload

    ===[ FINAL Processing ]=====================================

    [ Original IP count  ]  [ 41159 ]

    [ Final IP Count  ]  [ 36394 ]

    ===[ Deny List IP Counts ]===========================

    36394 total
      27522 /var/db/pfblockerng/deny/list4.txt
        5541 /var/db/pfblockerng/deny/list1.txt
        1979 /var/db/pfblockerng/deny/list2.txt
        1352 /var/db/pfblockerng/deny/list3.txt

    ===[ DNSBL Domain/IP Counts ] ===================================

    128513 total
      46735 /var/db/pfblockerng/dnsbl/adservers.txt
      33461 /var/db/pfblockerng/dnsbl/ADult.txt
      20503 /var/db/pfblockerng/dnsbl/malware.txt
      14812 /var/db/pfblockerng/dnsbl/sysctl.txt
        8840 /var/db/pfblockerng/dnsbl/easylist.txt
        2962 /var/db/pfblockerng/dnsbl/easylistprivacy.txt
        983 /var/db/pfblockerng/dnsbl/yoyolists.txt
        127 /var/db/pfblockerng/dnsbl/adaway.txt
          37 /var/db/pfblockerng/dnsbl/easylist.ip
          37 /var/db/pfblockerng/dnsbl/BlockWindowsTelemetry_custom.txt
          15 /var/db/pfblockerng/dnsbl/easylistprivacy.ip
          1 /var/db/pfblockerng/dnsbl/Adult_custom.txt

    ====================[ Last Updated List Summary ]==============

    Oct 19 23:30 list2
    Oct 19 23:31 list3
    Oct 22 08:00 list1
    Oct 22 08:28 list4

    Database Sanity check [  PASSED  ]
    –----------------------
    Masterfile/Deny folder uniq check
    Deny folder/Masterfile uniq check

    Sync check (Pass=No IPs reported)

    IPv4 alias tables IP count

    36446

    IPv6 alias tables IP count

    0

    Alias table IP Counts

    36446 total
      36394 /var/db/aliastables/pfB_BannedIPS.txt
          52 /var/db/aliastables/pfB_DNSBLIP.txt

    pfSense Table Stats

    table-entries hard limit  2000000
    Table Usage Count        93391

    UPDATE PROCESS ENDED [ 10/22/17 08:28:21 ]




  • So after much troubleshooting and trying things at the firewall level, I disabled my full AVG protection and it works on the host(s) in question. So I have to granularly figure out which service in AVG is messing up my DNS.


  • Moderator

    @xphiles:

    So after much troubleshooting and trying things at the firewall level, I disabled my full AVG protection and it works on the host(s) in question. So I have to granularly figure out which service in AVG is messing up my DNS.

    I think this is what you were looking for:
        https://help.avg.com/en/avg_free/17/securityantivirus_securedns.html



  • Thanks, although I am confused how, when I have rules in place to block any other DNS, it still got past it to AVG? According to AVG, it would almost seem as if a tunnel is created between your computer and AVG using the software / backend connection to AVG. Pretty sneaky if that's the case. Oh well, it's disabled now and will not be enabled on any machine ever again.


  • Moderator

    @xphiles:

    Thanks, although I am confused how, when I have rules in place to block any other DNS, it still got past it to AVG?

    They do that through an HTTPS (I would hope… and not through HTTP) call back to their domain. So they are stopping DNS hijacking by doing their own DNS hijacking :) lol...
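    The two findings in this thread (the host must actually use the pfSense/pfBlockerNG resolver, and host software such as AVG's Secure DNS can route lookups around it inside HTTPS where a port-53 firewall rule never sees them) can be checked from the client itself with one comparison: ask the pfSense resolver directly for a domain known to be on a DNSBL feed, then ask the operating system's own resolver for the same name, and see whether both return the DNSBL sinkhole address. The script below is an added example written for this thread, not code from pfBlockerNG or from any poster. It uses only the Python standard library and builds its own DNS packets so it does not depend on what the host's resolver library does. Assumptions: the pfSense LAN address, the test domain and the sinkhole address are passed on the command line; the default sinkhole `10.10.10.1` is pfBlockerNG's usual DNSBL virtual IP and should be replaced with whatever your DNSBL settings show; `build_response` exists only to construct a sample reply for offline testing.

```python
"""DNSBL bypass check: compare the pfSense resolver's answer with the host's."""
import random
import socket
import struct
import sys

QTYPE_A = 1
QCLASS_IN = 1


def _encode_name(name):
    """Encode a dotted hostname in DNS label format."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, txid=None):
    """Build a minimal A-record query with recursion desired; return (packet, txid)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(name) + struct.pack(">HH", QTYPE_A, QCLASS_IN), txid


def build_response(txid, name, addrs, rcode=0, ttl=60):
    """Construct a sample reply (used for offline testing only, not real traffic)."""
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, len(addrs), 0, 0)
    body = _encode_name(name) + struct.pack(">HH", QTYPE_A, QCLASS_IN)
    for a in addrs:  # 0xC00C = compression pointer back to the question name
        body += b"\xC0\x0C" + struct.pack(">HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(a)
    return header + body


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, keep our own end
            pointer = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end if jumped else offset


def parse_a_records(msg, expected_txid=None):
    """Return (rcode, [IPv4 answers]) from a DNS reply; reject mismatched txid."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch")
    offset = 12
    for _ in range(qd):
        _, offset = _read_name(msg, offset)
        offset += 4  # skip qtype/qclass
    addrs = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_A and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[offset:offset + 4]))
        offset += rdlen
    return flags & 0x000F, addrs


def query(resolver_ip, name, timeout=3.0):
    """Send one UDP query straight to resolver_ip:53, bypassing the OS resolver."""
    packet, txid = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data, txid)


def classify(pfsense_addrs, system_addrs, sinkhole_ip):
    """Explain the host's effective DNS path from the two answers."""
    if sinkhole_ip not in pfsense_addrs:
        return "not-in-dnsbl"   # pfSense itself does not block it: pick another test name
    if sinkhole_ip in system_addrs:
        return "enforced"       # the host's lookups really go through pfBlockerNG
    return "bypassed"           # wrong DNS setting, a forwarder going elsewhere, or host software intercepting DNS


def check_host(pfsense_ip, test_domain, sinkhole_ip="10.10.10.1"):
    _rcode, pf_addrs = query(pfsense_ip, test_domain)
    try:
        sys_addrs = socket.gethostbyname_ex(test_domain)[2]  # whatever path the OS uses
    except socket.gaierror:
        sys_addrs = []
    return classify(pf_addrs, sys_addrs, sinkhole_ip)


if __name__ == "__main__":
    # usage: python dnsbl_check.py <pfsense-lan-ip> <blocked-test-domain> [sinkhole-ip]
    print(check_host(*sys.argv[1:4]))
```

    Run it on the HTPC or laptop with a domain that appears in one of the DNSBL feeds. "enforced" means the host's lookups resolve through pfBlockerNG; "bypassed" means pfSense blocks the name but the host still gets the real address, which is exactly the symptom produced by a wrong DNS setting, an AD forwarder that does not reach pfSense, or a host agent doing its own DNS over HTTPS. The AD forwarder in this thread is one hop the comparison deliberately covers: the direct query goes to pfSense, the system query goes wherever the host is actually configured to go.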

