Netgate Discussion Forum

PfblockerNG not blocking sites on certain hosts on my lan

    xphiles
    last edited by Oct 22, 2017, 1:39 AM

    Hello, pfBlockerNG is a great product and works well, however there are two hosts that I know of, maybe more, that do not seem to be affected by the blocking of lists on my LAN. My HTPC and my laptop are able to get to sites that I don't want them to, and they are not blocking things like Telemetry to these computers. I know from reading previous posts that I need to provide some files. Please let me know what those are and what, if anything, I should remove / mask to keep it private. Thanks.

      RonpfS
      last edited by Oct 22, 2017, 2:03 AM

      For DNSBL to function, each device has to use the pfSense/pfBlockerNG DNS resolver.

      Check the device DNS configuration and make sure they are configured to use the pfSense/pfBlockerNG IP.

      You may also configure the pfSense DHCP server to provide the correct pfSense DNS server IP to the device using DHCP.

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        xphiles
        last edited by Oct 22, 2017, 1:31 PM Oct 22, 2017, 11:38 AM

        Thanks, I kind of wondered that so I checked. I have an AD environment at home, so I have my devices point to my AD server, and then my AD server is configured to forward DNS to the pfSense device… is that what you mean? These two hosts are also part of another rule that only allows them access to my pfSense management IP. I wonder if they are conflicting with the pfBlocker rules. I have disabled the management rule and it doesn't seem to help. I have bolded my concern in the log. Thanks

        Running Force Update Task

        UPDATE PROCESS START [ 10/22/17 08:26:55 ]

        ===[  DNSBL Process  ]================================================
        Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding

        [ easylist ] Downloading update .. 200 OK.
          –--------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          9364    8840      0          0          0          8840               
          ----------------------------------------------------------------------
          IP count=37

        [ easylistprivacy ] Downloading update [ 10/22/17 08:26:59 ] .. 200 OK.
          –--------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          3015    2992      30        0          0          2962               
          ----------------------------------------------------------------------
          IP count=15

        [ youtube ] Downloading update [ 10/22/17 08:27:01 ] .. 200 OK
          Remote timestamp missing

        Terminated - Easylists can not be used.

        No Domains Found

        [ malware ] Downloading update .. 200 OK.
          –--------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          20511    20511      8          0          0          20503               
          ----------------------------------------------------------------------

        [ adservers ] Downloading update [ 10/22/17 08:27:07 ] .. 200 OK.
          –--------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          48095    48092      1357      0          0          46735               
          ----------------------------------------------------------------------

        [ yoyolists ] Downloading update [ 10/22/17 08:27:18 ] .. 200 OK.
          –--------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          2466    2466      1483      0          0          983                 
          ----------------------------------------------------------------------

        [ adaway ] Downloading update [ 10/22/17 08:27:19 ] .. 200 OK.
          –--------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          409      409        282        0          0          127                 
          ----------------------------------------------------------------------

        [ sysctl ] Downloading update [ 10/22/17 08:27:21 ] .. 200 OK.
          –--------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          20629    20629      5817      0          0          14812               
          ----------------------------------------------------------------------

        [ ADult ] Downloading update [ 10/22/17 08:27:31 ] .. 200 OK
          Remote timestamp missing .
          Whitelist: localhost.localdomain|
          ----------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          50544    50544      17082      1          0          33461               
          ----------------------------------------------------------------------

        [ Adult_custom ] Downloading update [ 10/22/17 08:27:41 ].
          –--------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          2        2          1          0          0          1                   
          ----------------------------------------------------------------------

        [ BlockWindowsTelemetry_custom ] Downloading update [ 10/22/17 08:27:43 ].
          –--------------------------------------------------------------------
          Orig.    Unique    # Dups    # White    # Alexa    Final               
          ----------------------------------------------------------------------
          110      105        68        0          0          37                 
          ----------------------------------------------------------------------

        [ DNSBL_IP ] Updating aliastable [ 10/22/17 08:27:44 ]…
          no changes.
          Total IP count = 52


        Assembling database... completed
        Validating database... completed [ 10/22/17 08:27:53 ]
        Reloading Unbound…. completed
        DNSBL update [ 128461 | PASSED  ]… completed [ 10/22/17 08:27:59 ]
        –----------------------------------------

        ===[  Continent Process  ]============================================

        ===[  IPv4 Process  ]=================================================

        [ list1 ] Downloading update [ 10/22/17 08:28:00 ] .. 200 OK. completed ..

        Aggregation Stats:
          –----------------
          Original Final     
          ------------------
          5602    5541     
          ------------------
          ------------------------------
          Original Master    Final   
          ------------------------------
          5602    5541      5541        [ Pass ]
          –---------------------------------------------------------------

        [ list2 ] Downloading update [ 10/22/17 08:28:03 ] .. 200 OK. completed ..

        Aggregation Stats:
          –----------------
          Original Final     
          ------------------
          2027    1980     
          ------------------
          ------------------------------
          Original Master    Final   
          ------------------------------
          2027    1979      1979        [ Pass ]
          –---------------------------------------------------------------

        [ list3 ] Downloading update [ 10/22/17 08:28:04 ] .. 200 OK. completed ..

        Aggregation Stats:
          –----------------
          Original Final     
          ------------------
          1970    1961     
          ------------------
          ------------------------------
          Original Master    Final   
          ------------------------------
          1970    1352      1352        [ Pass ]
          –---------------------------------------------------------------

        [ list4 ] Downloading update [ 10/22/17 08:28:05 ] .. 200 OK
          Remote timestamp missing . completed ..

        Aggregation Stats:
          –----------------
          Original Final     
          ------------------
          31561    31243     
          ------------------
          ------------------------------
          Original Master    Final   
          ------------------------------
          31561    27522      27522      [ Pass ]
          –---------------------------------------------------------------

        ===[  IPv6 Process  ]=================================================

        ===[  Aliastables / Rules  ]================================

        Firewall rule changes found, applying Filter Reload

        ===[ FINAL Processing ]=====================================

        [ Original IP count  ]  [ 41159 ]

        [ Final IP Count  ]  [ 36394 ]

        ===[ Deny List IP Counts ]===========================

        36394 total
          27522 /var/db/pfblockerng/deny/list4.txt
            5541 /var/db/pfblockerng/deny/list1.txt
            1979 /var/db/pfblockerng/deny/list2.txt
            1352 /var/db/pfblockerng/deny/list3.txt

        ===[ DNSBL Domain/IP Counts ] ===================================

        128513 total
          46735 /var/db/pfblockerng/dnsbl/adservers.txt
          33461 /var/db/pfblockerng/dnsbl/ADult.txt
          20503 /var/db/pfblockerng/dnsbl/malware.txt
          14812 /var/db/pfblockerng/dnsbl/sysctl.txt
            8840 /var/db/pfblockerng/dnsbl/easylist.txt
            2962 /var/db/pfblockerng/dnsbl/easylistprivacy.txt
            983 /var/db/pfblockerng/dnsbl/yoyolists.txt
            127 /var/db/pfblockerng/dnsbl/adaway.txt
              37 /var/db/pfblockerng/dnsbl/easylist.ip
              37 /var/db/pfblockerng/dnsbl/BlockWindowsTelemetry_custom.txt
              15 /var/db/pfblockerng/dnsbl/easylistprivacy.ip
              1 /var/db/pfblockerng/dnsbl/Adult_custom.txt

        ====================[ Last Updated List Summary ]==============

        Oct 19 23:30 list2
        Oct 19 23:31 list3
        Oct 22 08:00 list1
        Oct 22 08:28 list4

        Database Sanity check [  PASSED  ]
        –----------------------
        Masterfile/Deny folder uniq check
        Deny folder/Masterfile uniq check

        Sync check (Pass=No IPs reported)

        IPv4 alias tables IP count

        36446

        IPv6 alias tables IP count

        0

        Alias table IP Counts

        36446 total
          36394 /var/db/aliastables/pfB_BannedIPS.txt
              52 /var/db/aliastables/pfB_DNSBLIP.txt

        pfSense Table Stats

        table-entries hard limit  2000000
        Table Usage Count        93391

        UPDATE PROCESS ENDED [ 10/22/17 08:28:21 ]


          xphiles
          last edited by Oct 23, 2017, 12:45 AM

          So after much troubleshooting and trying things at the firewall level, I disabled my full AVG protection and it works on the host(s) in question. So I have to granularly figure out which service in AVG is messing up my DNS.

            BBcan177 Moderator
            last edited by Oct 25, 2017, 2:23 AM

            @xphiles:

            So after much troubleshooting and trying things at the firewall level, I disabled my full AVG protection and it works on the host(s) in question. So I have to granularly figure out which service in AVG is messing up my DNS.

            I think this is what you were looking for:
                https://help.avg.com/en/avg_free/17/securityantivirus_securedns.html

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              xphiles
              last edited by Oct 25, 2017, 4:37 PM

              Thanks, although I am confused how, when I have rules in place to block any other DNS, it still got past it to AVG? According to AVG, it would almost seem as if a tunnel is created between your computer and AVG using the software / backend connection to AVG. Pretty sneaky if that's the case. Oh well, it's disabled now and will not be enabled on any machine ever again.

                BBcan177 Moderator
                last edited by Oct 25, 2017, 4:39 PM

                @xphiles:

                Thanks, although I am confused how, when I have rules in place to block any other DNS, it still got past it to AVG?

                They do that thru an HTTPS (I would hope… and not thru HTTP) call back to their domain. So they are stopping DNS hijacking by doing their own DNS hijacking :) lol...

                "Experience is something you don't get until just after you need it."

                Website: http://pfBlockerNG.com
                Twitter: @BBcan177  #pfBlockerNG
                Reddit: https://www.reddit.com/r/pfBlockerNG/new/
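
A host-side check for the situation in this thread, added here as an example and not code from any poster or from pfBlockerNG: it resolves a DNSBL-listed name once through the host's own resolver path and once directly against pfSense over UDP/53, then compares the answers. The sinkhole address `10.10.10.1` is an assumed DNSBL virtual IP, and the function names are hypothetical; substitute the values configured on your firewall.

```python
import socket
import struct
SINKHOLE = "10.10.10.1"  # assumption: the DNSBL virtual IP set in pfBlockerNG

def os_resolve(name):
    """A records as this host's own resolver path (AV, AD forwarder) returns them."""
    try:
        return sorted({i[4][0] for i in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def skip_name(data, off):  # step over a DNS name: labels or a compression pointer
    while data[off] != 0:
        if data[off] & 0xC0 == 0xC0:
            return off + 2
        off += data[off] + 1
    return off + 1

def parse_a_records(data):
    """Extract the IPv4 addresses from the answer section of a DNS reply."""
    qdcount, ancount = struct.unpack(">HH", data[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(data, off) + 4          # name + QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        off = skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return sorted(ips)

def direct_resolve(name, server, timeout=3.0):
    """Ask one DNS server over UDP/53, bypassing whatever sits in the OS path."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\0"
    query = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return parse_a_records(s.recvfrom(4096)[0])

def verdict(host_ips, firewall_ips, sinkhole=SINKHOLE):
    if sinkhole not in firewall_ips:
        return "not-listed"   # pfSense itself does not sinkhole this name
    if not host_ips:
        return "no-answer"    # the host could not resolve the name at all
    return "blocked" if host_ips == [sinkhole] else "bypassed"
```

On an affected host, call `verdict(os_resolve(d), direct_resolve(d, fw))` with `d` a domain from one of the DNSBL feeds and `fw` the pfSense LAN address. A `bypassed` result while port 53 to other servers is blocked points at something on the host resolving names over another channel, as with the AVG feature identified above.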
