Netgate Discussion Forum

DNSBL modify default blocked webpage

pfBlockerNG
45 Posts 12 Posters 20.9k Views
    BBcan177 Moderator @bldnightowl
    last edited by BBcan177 Feb 24, 2019, 9:48 PM Feb 24, 2019, 9:20 PM

    @bldnightowl

    This is where you create a new "DNSBL Group" (I am renaming DNSBL Feed -> DNSBL Group in the next release):
    Click on the DNSBL Tab
    Click "DNSBL Feeds"
    Click "Add"

    Set the Name and Header field
    Set the Action to Unbound
    Set the Logging to Disabled
    Set Group Order to Primary
    Add the domains that are causing those Cert issues, to the bottom Custom List.

    Save, "Force Reload - DNSBL"

    "Experience is something you don't get until just after you need it."

    Website: http://pfBlockerNG.com
    Twitter: @BBcan177  #pfBlockerNG
    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      bldnightowl @BBcan177
      last edited by bldnightowl Feb 25, 2019, 8:43 AM Feb 25, 2019, 7:51 AM

      @bbcan177 Thanks for that.

      What effect is the "null block" supposed to have? When I access a problem site -- I still see a certificate warning. DNS lookups in the domain in question still return 10.10.10.1 rather than 0.0.0.0. (Update: the problem is that I needed to put in a full hostname, e.g., www.googleadservices.com, rather than just the domain name as it asked for, e.g., googleadservices.com.)

      Any plans to have DNSBL use a server certificate from the pfSense's certificate manager so that this workaround is unnecessary? Adding an exception like this for every problematic domain is not tractable (or desirable, since as you've pointed out it defeats logging and tracking for such ads).

      1 Reply Last reply Reply Quote 0
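To check the behaviour discussed above (a listed hostname answering with the 10.10.10.1 DNSBL VIP versus 0.0.0.0 once the null block applies), the script below parses nslookup output and labels the answer. It is an added example, not part of any post and not pfBlockerNG code; it assumes BIND-style nslookup output, and the hostnames, resolver address and sample outputs are constructed.

```sh
#!/bin/sh
# Added example (not pfBlockerNG code): label a resolver answer for a DNSBL entry.
DNSBL_VIP="10.10.10.1"   # DNSBL VIP returned in the thread's lookups
NULL_IP="0.0.0.0"        # answer the thread expects after a null block

# Print the answer addresses found in nslookup output read from stdin.
# Assumes BIND-style output, where the resolver's own Address line ends in "#53".
answer_ips() {
    awk '/^Address/ && $0 !~ /#/ { print $NF }'
}

# Read nslookup output on stdin and print one label.
classify() {
    ips=$(answer_ips)
    [ -n "$ips" ] || { echo "no-answer"; return 0; }
    for ip in $ips; do
        case "$ip" in
            "$DNSBL_VIP") echo "sinkholed"; return 0 ;;
            "$NULL_IP")   echo "null-blocked"; return 0 ;;
        esac
    done
    echo "not-blocked"
}

# Constructed sample output; hostnames and the 192.0.2.53 resolver are made up.
sample() {
    printf 'Server:\t\t192.0.2.53\nAddress:\t192.0.2.53#53\n\n'
    [ -n "$2" ] && printf 'Name:\t%s\nAddress: %s\n' "$1" "$2"
    return 0
}

# Same hostname answered with the VIP and with 0.0.0.0 (the two states reported
# in the post above), plus an unlisted host and an empty answer.
for case_ in "www.ads.example.test 10.10.10.1" "www.ads.example.test 0.0.0.0" \
             "intranet.example.test 203.0.113.10" "missing.example.test"; do
    set -- $case_
    printf '%-24s %s\n' "$1" "$(sample "$1" "$2" | classify)"
done
# On a live client: nslookup www.ads.example.test | classify
```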
        davidm40
        last edited by davidm40 Mar 3, 2019, 4:41 PM Mar 3, 2019, 4:39 PM

        Hello there security folks,
        Same problem here with a brand new install on my test lab:
        PfBlocker 2.1.4_16
        PfSense 2.4.4_2

        DNSBL works and turns ads into 1.1 pixel but I cannot display the "blocked page warning" when the root domain is blocked.
        For example : darkpage.win is on one of my DNSBL lists. I confirm it's darkpage.win and not something.darkpage.win.
        When I browse this address, all I get is a 1.1 pixel, not the "blocked page warning" I should get.

        Below is my nslookup result for that page :
        nslookup darkpage.win
        Server : 192.168.1.252
        Address : 192.168.1.252#53

        Name : darkpage.win
        Address : 10.10.10.1

        Did someone find a solution ?
        Thanks a lot

          BBcan177 Moderator
          last edited by Mar 3, 2019, 5:52 PM

          @davidm40 said in DNSBL modify default blocked webpage:

          PfBlocker 2.1.4_16

          You will need to upgrade to pfBlockerNG-devel which has the blocked web page functionality.

            davidm40
            last edited by Mar 3, 2019, 6:19 PM

            Oh, I see.
            Thanks for the quick reply @BBcan177 👍
            Glad I didn't start getting my hands dirty too early.

              amitg0123 @concord
              last edited by Mar 22, 2019, 8:17 AM

              @concord @BBcan177 I am having exactly the same issue. If I change "Redirect target IP" to "10.10.10.1" instead of "127.0.0.1" for the generated NAT rules, it works fine.

              I think the issue is that port forwarding to "127.0.0.1" is not working with the latest pfSense release.

                amitg0123 @concord
                last edited by amitg0123 Mar 22, 2019, 10:41 AM Mar 22, 2019, 8:27 AM

                @concord @BBcan177 I modified /usr/local/pkg/pfblockerng/pfblockerng.inc by replacing line 1087 like this:

                'target'                => "{$pfb['dnsbl_vip']}",
                

                Now the NAT rules always have the VIP as the target IP and the issue is solved.

                However, I think 127.0.0.1 should work. Maybe the issue is with the latest release of pfSense itself?

                  Argion @BBcan177
                  last edited by May 17, 2019, 3:15 PM

                  @BBcan177

                  I followed these instructions to block roblox for the kids. The result is that I get an error in the browser that the site cannot be reached but I do not see a block message. Is that the expected behavior?

                    ryanca
                    last edited by Nov 14, 2019, 8:48 PM

                    Thanks, but I would rather go back to the old way with the (GIF Image, 1 × 1 pixels). Could I just upload that gif image to the /usr/local/www/pfblockerng/www/ folder and delete the default html files in there? Or do I need to do something else?

                      BBcan177 Moderator @ryanca
                      last edited by Nov 16, 2019, 5:44 PM

                      @ryanca said in DNSBL modify default blocked webpage:

                      Thanks, but I would rather go back to the old way with the (GIF Image, 1 × 1 pixels). Could I just upload that gif image to the /usr/local/www/pfblockerng/www/ folder and delete the default html files in there? Or do I need to do something else?

                      Copy the default page and create a new one with your modifications. Then select the new page in the DNSBL Tab.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.