Netgate Discussion Forum

    Secure configuration of DNSBL?

    pfBlockerNG
    • Velcro

      I am hoping I could get some help securing my DNSBL configuration on pfBlocker, if I am not already. I am struggling to understand the flow of data or configuration, which makes me concerned. I am hoping someone can explain.

      Firstly, everything appears to be working and up-to-date (pfBlocker version 2.1.2_2). My configuration is as follows:

      • I have multiple VLANs for guest, IoT and Home
      • Everything is working including ability to navigate to 10.10.10.1, seeing alerts, DNSBL feeds with lists, not seeing ads

      Great! and thank you for the opportunity to use the package!

      What concerns me are:

      1. "DNSBL Firewall Rule" in the "DNSBL" tab is not selected and none of the VLAN interfaces are selected (naturally no rules are added to the VLAN interfaces or floating rules)... why is DNSBL working without this enabled?
      2. 2 Port forward rules were added when I enabled DNSBL (10.10.10.1 source for both rules and Dest. Ports 80 & 443 for each separate rule and 8081 & 8043 NAT Ports for each separate rule). The interface for both rules is my listening interface... this I have seen before and looks right. At one point, however, I had to "Enable (Pure NAT)" in the "NAT Reflection" in these rules to access 10.10.10.1... now I don't have to do this.

      Have I put a big hole in my firewall? I think part of this has to do with my complete non-understanding of NAT, but I was hoping someone could explain how DNSBL is working and put me at ease that I haven't completely screwed this up.

      Thanks in advance for any insight...

      V

      (I have attached screen shots of what I am trying to describe)
      ![Screenshot-2017-12-8 pfSense localdomain - Firewall NAT Port Forward.png](/public/imported_attachments/1/Screenshot-2017-12-8 pfSense localdomain - Firewall NAT Port Forward.png)
      ![Screenshot-2017-12-8 pfSense localdomain - Firewall pfBlockerNG DNSBL(1).png](/public/imported_attachments/1/Screenshot-2017-12-8 pfSense localdomain - Firewall pfBlockerNG DNSBL(1).png)
