1. Home
  2. pfSense Packages
  3. pfBlockerNG
  4. How to Allow pfBlocker to Bypass itself for list fetches

How to Allow pfBlocker to Bypass itself for list fetches

  • G

    I've been using pfBlocker for the last 6-8 months, and it's been doing a great job.  Thanks bbcan177 for all your hard work!

    One of the lists I'm using has raw.githubusercontent.com in the dnsbl, and I can see that gethub would be a great place to host malware (for awhile until it gets taken down-which I'm sure would happen fairly quickly), so I'm thinking it would be best to leave the block in place rather than remove it.  Only problem is that raw.githubusercontent.com is also a source of many block lists.

    Is there a work around for this other than whitewashing it totally?

    Of less importance would be a way for a short term exception to download something from githubusercontent.com - I currently use a VM with a VPN to tunnel around the firewall, a PITA if the VPN isn't already spinning to wait for it to boot, but it works.  However letting pfBlocker download a link that I have specifically curated is the priority.

    Any suggestions/assistance/ideas would be much appreciated.

    0
  • M

    I have mailed BBCAN177 and asked about whitelisting list domains automatically and his response was whitelisting them would be unexpected behaviour for end users and I agree that it would be a bad thing.

    He did suggest that theoretically as the whitelisting can now be done instantly that code to temporarily whitelist domains and then revert them afterwards could be possible at some point in the future.

    Without knowledge of what blocking you have in place it's difficult to say what you could do reliably.  If you're ok with web-based proxies then that is one option.  That way pfBlocker would only see the request to the proxy domain, not the blocked domain which is either part of the URL or encrypted/obfuscated entirely.

    For example I put a list I use into one proxy site and got this URL back…

    https ://www.sitenameredacted.com/browse.php/jFq3YZ2gvRvXF3vBTEqKxhzEqhrhb9TNwIVIO6BD649KAQxY7W0fRByEs2TrB8Z5uRyDQTRJxht5weSttltrT64_3D/b29/fnorefer/

    ..so long as the proxy site is not blocked then your lists will be accessible to pfBlocker.  Obviously you have to trust that proxy not to MITM your traffic or otherwise break stuff, which is why I've not included the name here.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy