Netgate Discussion Forum

    DNSBL Config Question

    pfBlockerNG
    • tagit446

      In "DNSBL Configuration" –> "DNSBL Listening Interface" - I have LAN1, LAN2, W_LAN, ExpressVPN_NY and ExpressVPN_NJ. Does it matter which one I choose?

      Same for "DNSBL Configuration" –> "DNSBL Firewall Rule" - I have the same options plus OpenVPN. Currently I have LAN1, LAN2 and W_LAN selected. The VPN runs on LAN2 and W_LAN. Should they all be selected?

      For "DNSBL IP Firewall Rule Settings" –> "List Action" - Some tutorials I read say to set it to "Deny Both" and other tutorials say to set it to "Deny Outbound". Which setting is typically best?

      • RonpfS

        @tagit446:

        In "DNSBL Configuration" –> "DNSBL Listening Interface" - I have LAN1, LAN2, W_LAN, ExpressVPN_NY and ExpressVPN_NJ. Does it matter which one I choose?

        You select the interfaces where devices use pfSense/DNSBL for DNS services resolution. This will create NAT rules to forward web requests to the VIP.

        @tagit446:

        Same for "DNSBL Configuration" –> "DNSBL Firewall Rule" - I have the same options plus OpenVPN. Currently I have LAN1, LAN2 and W_LAN selected. The VPN runs on LAN2 and W_LAN. Should they all be selected?

        Select the interfaces that have devices using pfSense as the router for IP blocking.

        @tagit446:

        For "DNSBL IP Firewall Rule Settings" –> "List Action" - Some tutorials I read say to set it to "Deny Both" and other tutorials say to set it to "Deny Outbound". Which setting is typically best?

        Deny outbound should be enough if you have no open port on the WAN side, as the default block rule already blocks traffic.

        Deny both is when you have an open port on the WAN side.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        • tagit446

          @RonpfS:

          @tagit446:

          In "DNSBL Configuration" –> "DNSBL Listening Interface" - I have LAN1, LAN2, W_LAN, ExpressVPN_NY and ExpressVPN_NJ. Does it matter which one I choose?

          You select the interfaces where devices use pfSense/DNSBL for DNS services resolution. This will create NAT rules to forward web requests to the VIP.

          Please elaborate as I use it on all interfaces (I thought?) but this option only allows you to choose one from the drop down.

          @RonpfS:

          @tagit446:

          Same for "DNSBL Configuration" –> "DNSBL Firewall Rule" - I have the same options plus OpenVPN. Currently I have LAN1, LAN2 and W_LAN selected. The VPN runs on LAN2 and W_LAN. Should they all be selected?

          Select the interfaces that have devices using pfSense as the router for IP blocking.

          Have to admit this one confuses me due to the VPN.

          @RonpfS:

          @tagit446:

          For "DNSBL IP Firewall Rule Settings" –> "List Action" - Some tutorials I read say to set it to "Deny Both" and other tutorials say to set it to "Deny Outbound". Which setting is typically best?

          Deny outbound should be enough if you have no open port on the WAN side, as the default block rule already blocks traffic.

          Deny both is when you have an open port on the WAN side.

          This is good to know since I do have several ports open for my COD game.

          • RonpfS

            @tagit446:

            @RonpfS:

            You select the interfaces where devices use pfSense/DNSBL for DNS services resolution. This will create NAT rules to forward web requests to the VIP.

            Please elaborate as I use it on all interfaces (I thought?) but this option only allows you to choose one from the drop down.

            Yeah, I wasn't on the DNSBL tab at the time. So you select one of the LAN interfaces then ;)

            @tagit446:

            Have to admit this one confuses me due to the VPN.

            I don't have VPNs here.
