DNSBL modify default bloked webpage
-
@occamsrazor
You can copy the default file and modify it to your taste.
Or create your own html file.
-
I found and downloaded the default page in /usr/local/www/pfblockerng/www/
What I'm realising now is I am never seeing this default block page at all (this was the same for me with the pre-devel version), I just get a timeout. A ping from the client machine to the blocked address confirms it is being redirected to 10.10.10.1.
-
@occamsrazor That's a page you get when you access a blocked domain name directly: http://js.agkn.com
In case of an image URL you get a 1x1 gif page, for a .js you get another page, etc.
-
@ronpfs said in DNSBL modify default bloked webpage:
@occamsrazor That's a page you get when you access a blocked domain name directly: http://js.agkn.com
In case of an image URL you get a 1x1 gif page, for a .js you get another page, etc.
When I ping that address it's clearly being blocked:
ping js.agkn.com
PING js.agkn.com (10.10.10.1): 56 data bytes
But when I try to access the example you gave, http://js.agkn.com, in a web browser no page ever loads, just a timeout.
-
@occamsrazor said in DNSBL modify default bloked webpage:
But when I try to access the example you gave http://js.agkn.com in a web browser no page ever loads, just a timeout.
Do you get something from http://10.10.10.1/
-
@ronpfs said in DNSBL modify default bloked webpage:
Do you get something from http://10.10.10.1/
No, just a "Waiting for......" in the bottom of the browser screen and page never loads.
-
@occamsrazor Under Firewall / NAT / Port Forward you should have NAT entries pointing to the VIP.
Did you enable Permit Firewall Rules under Firewall / pfBlockerNG / DNSBL? Do you see those rules under Firewall / Rules?
-
@ronpfs said in DNSBL modify default bloked webpage:
@occamsrazor Under Firewall / NAT / Port Forward you should have NAT entries pointing to the VIP.
Did you enable Permit Firewall Rules under Firewall / pfBlockerNG / DNSBL? Do you see those rules under Firewall / Rules?
That check box was not enabled. I've enabled it now, restarted the router and client machine, and see the rules under Floating:
But I still don't get any response from http://10.10.10.1/ or that domain you posted.
-
Aha... I notice the pfB_DNSBL_Ports alias refers to ports 8081 and 8043 only. When I type http://10.10.10.1:8081/ in the browser I get a response:
But even if I manually add port 80 to the pfB_DNSBL_Ports alias it doesn't give me that page when going to http://10.10.10.1.
-
@occamsrazor The NAT should take care of redirecting port 80 and 443.
-
@ronpfs said in DNSBL modify default bloked webpage:
@occamsrazor The NAT should take care of redirecting port 80 and 443.
I see a corresponding port forward in Firewall / NAT / Port Forward but it doesn't seem to be working:
-
Make sure that your LAN devices DNS settings are only set to pfSense, and not any other DNS server or else that will bypass DNSBL.
-
@bbcan177 said in DNSBL modify default bloked webpage:
Make sure that your LAN devices DNS settings are only set to pfSense, and not any other DNS server or else that will bypass DNSBL.
They all use pfSense as DNS server (Resolver with forwarding) and I have a rule to block DNS going elsewhere:
DHCP Server DNS settings:
Redirect any other DNS requests to pfSense
NAT settings
LAN Rules
The thing is DNSBL IS working... as bad domains are resolving to 10.10.10.1 in terms of DNS; it's just that I am not getting the redirect webpage at 10.10.10.1.
-
@occamsrazor said in DNSBL modify default bloked webpage:
The thing is DNSBL IS working... as bad domains are resolving to 10.10.10.1 in terms of DNS; it's just that I am not getting the redirect webpage at 10.10.10.1.
That blocked page only shows when the root domain is blocked. It won't show when it blocks an ad or a sub-domain.
-
@bbcan177 said in DNSBL modify default bloked webpage:
That blocked page only shows when the root domain is blocked. It won't show when it blocks an ad or a sub-domain.
If we take the example RonPfs gave above, if I do a ping I get this, which would indicate DNSBL is working:
BenMBPwifi:~ ben$ ping agkn.com
PING agkn.com (10.10.10.1): 56 data bytes
64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=44.806 ms
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=1.503 ms
But when I go to http://agkn.com I just get a timeout. It's not a big deal as DNSBL is working, just strange I never, ever see that page. I should add I have TLD enabled, though I didn't before and also never saw that block page.
-
@occamsrazor said in DNSBL modify default bloked webpage:
But when I go to http://agkn.com I just get a timeout. It's not a big deal as DNSBL is working, just strange I never, ever see that page. I should add I have TLD enabled, though I didn't before and also never saw that block page.
Is that domain in a blacklist?
grep "agkn.com" /var/db/pfblockerng/dnsbl/*
As a test, try to browse to "101com.com"
-
@bbcan177 said in DNSBL modify default bloked webpage:
Is that domain in a blacklist?
Yes it is...
Shell Output - grep "agkn.com" /var/db/pfblockerng/dnsbl/*
/var/db/pfblockerng/dnsbl/EasyPrivacy.txt:local-data: "agkn.com 60 IN A 10.10.10.1"
As a test, try to browse to "101com.com"
Shell Output - grep "101com.com" /var/db/pfblockerng/dnsbl/*
/var/db/pfblockerng/dnsbl/MVPS.txt:local-data: "wtrs.101com.com 60 IN A 10.10.10.1"
Seems 101com.com isn't in my blocklists but wtrs.101com.com is.
When I ping 101com.com I get a real IP, when I ping wtrs.101com.com I get 10.10.10.1.
When I browse to wtrs.101com.com I get a timeout, when I browse to 101com.com I get through to some server.
-
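As an added example (not code from this thread or from pfBlockerNG), here is a small POSIX shell helper that parses the unbound local-data lines shown in the grep output above and answers the question the thread keeps circling: is a name listed exactly, and if not, are only sub-domains of it listed? It assumes the layout quoted above (/var/db/pfblockerng/dnsbl/*.txt, one local-data line per blocked name); the function names dnsbl_lookup and dnsbl_listed_under, the DNSBL_DIR variable and the sample file are my own. By default it builds a constructed sample in a temporary directory so it runs offline; set DNSBL_DIR=/var/db/pfblockerng/dnsbl to run it against the real files on a pfSense box. The 0.0.0.0 entry in the sample stands for the null-block form mentioned later in the thread.

```shell
#!/bin/sh
# Added example, not from the thread or from pfBlockerNG.
# Parses unbound local-data lines of the form
#   local-data: "agkn.com 60 IN A 10.10.10.1"
# and reports whether a name is listed exactly, and which names are
# listed underneath it. DNSBL_DIR defaults to a temp dir holding a
# constructed sample; set DNSBL_DIR=/var/db/pfblockerng/dnsbl on pfSense.

DNSBL_DIR="${DNSBL_DIR:-$(mktemp -d)}"

# Constructed sample standing in for /var/db/pfblockerng/dnsbl/*.txt.
make_sample_dnsbl() {
    cat > "$DNSBL_DIR/Sample.txt" <<'EOF'
local-data: "agkn.com 60 IN A 10.10.10.1"
local-data: "wtrs.101com.com 60 IN A 10.10.10.1"
local-data: "tracker.example.net 60 IN A 0.0.0.0"
EOF
}

# Strip the local-data wrapper and print "owner ttl class type rdata".
# Anything that is not a local-data line is skipped.
dnsbl_records() {
    awk '/^local-data: "/ {
        line = $0
        sub(/^local-data: "/, "", line)
        sub(/".*$/, "", line)
        print line
    }' "$DNSBL_DIR"/*.txt
}

# dnsbl_lookup NAME -> sinkhole address for an exact owner-name match,
# or "not-listed". The match is exact: 101com.com is not listed even
# though wtrs.101com.com is, which is what the thread's grep showed.
dnsbl_lookup() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    dnsbl_records | awk -v n="$name" '
        tolower($1) == n && $4 == "A" { print $5; found = 1; exit }
        END { if (!found) print "not-listed" }'
}

# dnsbl_listed_under NAME -> every listed owner that is a sub-domain of
# NAME (NAME itself excluded), one per line; empty when there are none.
dnsbl_listed_under() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    dnsbl_records | awk -v n="$name" '
        {
            owner = tolower($1)
            suffix = "." n
            if (length(owner) > length(suffix) &&
                substr(owner, length(owner) - length(suffix) + 1) == suffix)
                print owner
        }'
}

# Stand-alone run against the constructed sample.
make_sample_dnsbl
for q in agkn.com 101com.com wtrs.101com.com tracker.example.net; do
    printf '%-22s -> %s\n' "$q" "$(dnsbl_lookup "$q")"
done
printf 'listed under 101com.com: %s\n' "$(dnsbl_listed_under 101com.com)"
```

The lookup deliberately matches the owner name exactly rather than with grep's substring match, so a query for 101com.com reports not-listed while dnsbl_listed_under 101com.com still surfaces wtrs.101com.com; that pairing is the quick way to tell "the root is blocked" apart from "only something under it is blocked", which is the distinction bbcan177 draws about when the block page appears.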
@occamsrazor said in DNSBL modify default bloked webpage:
@ronpfs said in DNSBL modify default bloked webpage:
Do you get something from http://10.10.10.1/
No, just a "Waiting for......" in the bottom of the browser screen and page never loads.
Do you have VLANs? If so, please ensure that in the DNSBL tab you have selected the "DNSBL Permit" option, and select all of the VLANs in the dropdown selection box.
Otherwise, try to disable the other two port forwards and see if one of those is causing a conflict.
There shouldn't be any timeouts.
-
@BBcan177 in pfBlocker-devel is it possible to disable the DNSBL NAT rule and disable lighttpd? Before you used a NAT rule (and used floating rules/etc.) I just had a simple reject rule if someone attempted to access the DNSBL lighttpd via http/https, but using the current stable version I cannot seem to find a way to reject (seems NAT is always evaluated first?)
Thanks!
-
@crusher4 said in DNSBL modify default bloked webpage:
@BBcan177 in pfBlocker-devel is it possible to disable the DNSBL NAT rule and disable lighttpd? Before you used a NAT rule (and used floating rules/etc.) I just had a simple reject rule if someone attempted to access the DNSBL lighttpd via http/https, but using the current stable version I cannot seem to find a way to reject (seems NAT is always evaluated first?)
To fix that cert error for HTTPS sites, create a new DNSBL Group and add the domains that are causing issues to the custom list at the bottom of the page. Then disable logging and set the Order to "Primary", which will cause this Group to load first.
Follow that with a Force Reload DNSBL... That will null block those domains to 0.0.0.0 and avoid the cert errors.