1. Home
  2. pfSense Packages
  3. pfBlockerNG
  4. How to stop pfblockerNG from blocking sites??

How to stop pfblockerNG from blocking sites??

  • wgstarks

    Foolishly when I installed pfblockerNG I failed to consider how blocking online advertisers would effect my ability to shop online. Now if I google an item that I want to purchase I just get a 1x1 pixel page. I tried whitelisting the blocked sites in the "alerts" tab, but that just results in another block alert the next time I try to visit the site and if I try whitelisting again I get a message that the site is already whitelisted. I have deleted all my IPv4 listings and their associated rules. I've run multiple updates in pfb. I even tried clearing the cache on my browser. What did I miss? My goal now is just to block malicious traffic, but not sure how to remove the blocks for ads?

    0
  • RonpfS

    After you have whitelisted a few sites in DNSBL, to settle things, run a Force Update DSNBL.

    0
  • wgstarks

    @RonpfS:

    After you have whitelisted a few sites in DNSBL, to settle things, run a Force Update DSNBL.

    I tried that. The alerts tab showed that the sites were still being blocked and were also white listed. Even after running the update.

    0
  • RonpfS

    most domain names ended up TLD if you enabled TLD.

    For example : 6634248.fls.doubleclick.net

    grep 6634248.doubleclick.net /var/unbound/pfb_dnsbl.conf

    grep fls.doubleclick.net /var/unbound/pfb_dnsbl.conf

    grep doubleclick.net /var/unbound/pfb_dnsbl.conf

    local-data: "www.doubleclick.net.my 60 IN A 10.10.10.1"
    local-zone: "doubleclick.net" redirect local-data: "doubleclick.net 60 IN A 10.10.10.1"

    If you put 6634248.fls.doubleclick.net in Custom whitelist, it won't whitelist it as any request forĀ  *.doubleclick.net will give the VIP adress.

    So if you want whitelist to all subdomain *.doubleclick.net, you had *.doubleclick.net to the Custom whitelist.

    If you want to only whitelist 6634248.fls.doubleclick.net then you have to put doubleclick.net in the TLD Exclusion List. Do a Force Reload DNSBL, now instead of collapsing all doubleclick.net domain names into *.doubleclick.net, it will just collect all doubleclick.net domain names as they are listed in the tables. This could increase the number of Domain in DNSBL by hundreds.

    After the Force Reload DNSBL, you can then whitelist any doubleclick.net domain from the Alerts Tab or with Custom Whitelist.

    When you are done whitelisting domains, I recommend to run Force Reload DNSBL to settle things. Sometimes whitelisting temporary vanishes at Cron Update if the table containing the whitelisted domain names isn't downloaded, then magically return at next Cron update that download the table)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy