PFBLOCKER DNSBL Shallalist not working when I click on google links
-
PFBLOCKER DNSBL blocks Shallalist_porn and socialnet websites when I manually type them in my browser but if I google facebook or pornhub and click on the google link the DNSBL does not block the websites. Do I have something configured wrong or is this just a bug in the system?
-
You will need to enable the "TLD" option and Force reload - DNSBL for it to take effect. That option will wildcard block all sub-domains.
-
BBcan177, when I did this on my SG-3100 it used all my memory and it locked it up after 15 minutes. I rebooted and disabled DNSBL. My next question in the forum is: can I put more memory in my SG-3100?
-
https://forum.netgate.com/topic/102967/pfblockerng-v2-1-w-tld/1
https://www.reddit.com/r/PFSENSE/comments/97pqg7/pfblockerng_general_best_practice/e4ajw1x/
-
My simple fix was to disable all the pfblocker GEOIPs and only use DNSBL for blocking social media with TLD enabled. I use snort pro, and with the pfsense firewall I am happy with the security I am getting. All my computers run a good antivirus, all Windows updates are put in as soon as they come out, and I back up everything to NAS and online daily.
I let all the employees hook up to the Guest wifi so they can listen to Pandora but I want to be able to use facebook. Using the DNSBL my memory usage went from 32% to 45% and everything is working as it should.
-
Better solution yet: trash Shallalist, use a list like this one: https://github.com/StevenBlack/hosts. It works just as good without enabling TLD and uses nowhere near the RAM.
-
@dgall said in PFBLOCKER DNSBL Shallalist not working when I click on google links:
Better solution yet: trash Shallalist, use a list like this one: https://github.com/StevenBlack/hosts. It works just as good without enabling TLD and uses nowhere near the RAM.
Shallalist is a large database... YMMV on its use compared to other feeds. You need to do some research/testing to see what works best for your needs. I typically do not recommend using a "middleman" compilation of Feeds as "StevenBlack" does. You would be better off adding the feeds that are represented in that compilation directly. In pfBlockerNG-devel, there is a Feeds tab that has quite a few feeds to choose from and also research their support pages.
I'd also recommend to enable TLD, it does use more RAM, but it will block subdomains for malicious sites, which will not be blocked when that feature is disabled. But up to you...
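Why the TLD option matters for the symptom in this thread, as an added example (not part of any post and not pfBlockerNG's own code): it models exact-name matching against wildcard matching, assuming a search-result link points at a host name such as `www.` under a listed domain. The domain names and function names are constructed for illustration.

```python
# Added illustration; the domains below are constructed placeholders.
BLOCKLIST = {"social.example", "ads.tracker.example"}  # constructed feed entries


def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot so lookups compare equal."""
    return name.strip().lower().rstrip(".")


def exact_blocked(qname: str, blocklist: set) -> bool:
    """TLD off (as modelled here): only the listed name itself matches."""
    return normalize(qname) in blocklist


def wildcard_blocked(qname: str, blocklist: set) -> bool:
    """TLD on (as modelled here): a listed domain covers every name under it.

    Matching walks whole labels, so 'notsocial.example' is not caught by
    'social.example', and a parent of a listed name stays unblocked.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def compare(qnames, blocklist=BLOCKLIST):
    """Return {qname: (exact, wildcard)} for a list of queried names."""
    return {q: (exact_blocked(q, blocklist), wildcard_blocked(q, blocklist))
            for q in qnames}


if __name__ == "__main__":
    queries = [
        "social.example",        # typed by hand: listed name
        "www.social.example",    # subdomain, e.g. reached through a link
        "M.Social.Example.",     # mixed case with trailing root dot
        "notsocial.example",     # shares a string suffix, not a label suffix
        "tracker.example",       # parent of a listed name
    ]
    for name, (exact, wild) in compare(queries).items():
        print(f"{name:22} exact={exact!s:5} wildcard={wild}")
```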
-
BBCAN, I would like to use Shallalist and enable TLD, but it uses all my RAM and locks up my SG-3100. Ideally I would like to just take the cover off the box and throw some more RAM in it, but the SG-3100 is not upgradable. I am comfortable with the layers of security procedures I have in place for things like malware. I own a small shop of 5 computers and wifi for the guys to use for listening to music on their smart phones. While they are listening to music I want them to stay the hell off any social media, and Steve's list blocks every social media app on my smart phone, and that's exactly what I needed.
-
I hear you... I can't do much with how Unbound creates static zones (Wildcard domain blocking)... But it is in my opinion worth every bit of RAM used. Too bad the 3100 is limited in RAM.
The StevenBlack feed is ok to use but I would suggest just adding the feeds that comprise that Feed into DNSBL, so that you will ensure that you are getting updates straight from the original source of the Feeds, and not a middle man. There is more that can go wrong when you rely on a single source. Not to mention, you can update each feed on a more frequent basis from the original source, so that you get the latest changes quicker. Not to knock anyone down, as I am sure StevenBlack does a great job.
Either way, it's your box and you choose how much you want it to do... I just try to post a full answer, so that other users who read this post might understand my thoughts on this subject.
https://github.com/StevenBlack/hosts/blob/master/readme.md
-
BBcan177, do you have a recommended list for blocking social media? Steve's list unfortunately blocked many things that had nothing to do with social media.
-
@dgall said in PFBLOCKER DNSBL Shallalist not working when I click on google links:
BBcan177, do you have a recommended list for blocking social media? Steve's list unfortunately blocked many things that had nothing to do with social media.
I would think the Category Blacklist(s) would be the best for that. Either Shallalist or UT1. YMMV
There is Squid Blacklist that is an option, but it is a paid service. You will have to download the Category template separately in order to configure it:
fetch -o /usr/local/pkg/pfblockerng/squidblacklist_global_usage "https://gist.githubusercontent.com/BBcan177/b91d3c25667d326411b6fc4eb5c1f080/raw"