Netgate Discussion Forum

    How to Allow pfBlocker to Bypass itself for list fetches

      guardian Rebel Alliance

      I've been using pfBlocker for the last 6-8 months, and it's been doing a great job.  Thanks bbcan177 for all your hard work!

      One of the lists I'm using has raw.githubusercontent.com in the DNSBL, and I can see that GitHub would be a great place to host malware (for a while until it gets taken down, which I'm sure would happen fairly quickly), so I'm thinking it would be best to leave the block in place rather than remove it.  Only problem is that raw.githubusercontent.com is also a source of many block lists.

      Is there a workaround for this other than whitewashing it totally?

      Of less importance would be a way for a short term exception to download something from githubusercontent.com - I currently use a VM with a VPN to tunnel around the firewall, a PITA if the VPN isn't already spinning to wait for it to boot, but it works.  However, letting pfBlocker download a link that I have specifically curated is the priority.

      Any suggestions/assistance/ideas would be much appreciated.

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

        motific

        I have mailed BBCAN177 and asked about whitelisting list domains automatically, and his response was that whitelisting them would be unexpected behaviour for end users, and I agree that it would be a bad thing.

        He did suggest that, theoretically, as the whitelisting can now be done instantly, code to temporarily whitelist domains and then revert them afterwards could be possible at some point in the future.

        Without knowledge of what blocking you have in place it's difficult to say what you could do reliably.  If you're ok with web-based proxies then that is one option.  That way pfBlocker would only see the request to the proxy domain, not the blocked domain which is either part of the URL or encrypted/obfuscated entirely.

        For example I put a list I use into one proxy site and got this URL back…

        https ://www.sitenameredacted.com/browse.php/jFq3YZ2gvRvXF3vBTEqKxhzEqhrhb9TNwIVIO6BD649KAQxY7W0fRByEs2TrB8Z5uRyDQTRJxht5weSttltrT64_3D/b29/fnorefer/

        ...so long as the proxy site is not blocked then your lists will be accessible to pfBlocker.  Obviously you have to trust that proxy not to MITM your traffic or otherwise break stuff, which is why I've not included the name here.

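The conflict discussed in this thread, a DNSBL entry such as raw.githubusercontent.com that is also the host of a feed being fetched, can be detected before a list update fails. The following is an added example, not part of the thread and not pfBlockerNG code: the function names, the sample list and the feed URLs are constructed, and it assumes hosts-style or plain-domain list files and (by default) that a blocked entry also blocks its subdomains.

```python
"""Report feed URLs whose host is blocked by a DNSBL list (added example)."""
from urllib.parse import urlsplit

# Constructed sample data, for illustration only.
SAMPLE_DNSBL = """\
# constructed sample list
0.0.0.0 raw.githubusercontent.com
ads.example.net
127.0.0.1 tracker.example.org  # trailing comment
"""
SAMPLE_FEEDS = [
    "https://raw.githubusercontent.com/example-user/example-repo/master/hosts.txt",
    "https://lists.example.com/blocklist.txt",
    "https://cdn.tracker.example.org/feed.txt",
]

def parse_dnsbl(text):
    """Return the set of domains in a hosts-style or plain-domain list."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            # hosts format is "IP domain"; plain format is just "domain"
            name = fields[1] if len(fields) > 1 else fields[0]
            domains.add(name.lower().rstrip("."))
    return domains

def blocking_entry(host, blocked, match_parents=True):
    """Return the list entry that blocks host, or None if it is not blocked."""
    labels = host.lower().rstrip(".").split(".")
    # With match_parents, also try each parent domain, but never the bare TLD.
    stop = max(len(labels) - 1, 1) if match_parents else 1
    for i in range(stop):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def self_blocked_feeds(feed_urls, dnsbl_text, match_parents=True):
    """Map each feed URL whose host is blocked to the entry that blocks it."""
    blocked = parse_dnsbl(dnsbl_text)
    hits = {}
    for url in feed_urls:
        host = urlsplit(url).hostname
        entry = blocking_entry(host, blocked, match_parents) if host else None
        if entry:
            hits[url] = entry
    return hits

if __name__ == "__main__":
    for url, entry in self_blocked_feeds(SAMPLE_FEEDS, SAMPLE_DNSBL).items():
        print(f"{url}\n    blocked by list entry: {entry}")
```

Pass `match_parents=False` if the blocker in use only matches list entries exactly.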
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.