Custom aliases using domain name
-
@nogbadthebad I understand that part. How to create an alias for blocking pfsense by pfblockerng? I am very new to pfblockerng. I also have paid blacklist service. Can I load that to pfblockerng?
-
-
Install pfBlockerNG-devel
-
Run the setup wizard, define your inbound and outbound interface.
-
Create a rule Firewall -> pfBlockerNG -> IP -> IPv4 as per my screenshot but set it as deny outbound
-
Run update via Firewall -> pfBlockerNG -> Update, the firewall rules will automatically be created
The rules will automatically be created on the inbound and outbound interfaces, give it a go, it's quite easy.
Re the paid block list you can, depending on the format, it basically creates tables that are used in firewall rules, check the tables out via Diagnostics -> Tables
-
-
@nogbadthebad Hello.. Thank you for your support. I am sorry for the delay in the reply. I was doing a whole new setup. I have multi-WAN failover setup done. So in pfBlockerNG, the inbound interface --> WAN1 & WAN2 and the outbound interface --> LAN. Is it the right method?
-
Yup sounds right.
-
@nogbadthebad I am having multiple vlans created in pfsense. Then I think the outbound interface should be all the vlans.
-
Yes.
-
@nogbadthebad Hi, I tried doing it, but it is not blocking facebook. Please find the screenshots.
-
It's deny outbound.
Get it working with ASN numbers then play with the social networking source after.
-
-
Can you please suggest any list?
-
Have you tried blocking facebook by ASN numbers or like I suggested try using the list you're using in the DNSBL section as per my screenshot.
-
@nogbadthebad Thank you very much.. It is working. Saved my reputation.
-
@su30mki said in Custom aliases using domain name:
@nogbadthebad Thank you very much.. It is working. Saved my reputation.
Via IP and ASN number or DNSBL?
-
@nogbadthebad Now how do I segregate different rules for different vlans?
-
Use alias permit, alias deny, alias match & alias native.
That will just create an alias you can use in firewall rules.
-
@nogbadthebad Can you please help me with a screenshot?
-
-
@nogbadthebad Thank you for your effort. But that is Geoip. Imagine I want to block facebook to one vlan and another vlan requires facebook access.. How do I do it? How can I do different rules for different vlan via DNSBL?
-
Use ASN if you want to block a specific company.
DNSBL alters DNS so x.y.z.abc.com resolves to an internal IP address on your router.
IP creates tables that can be used in firewall rules.
The example I gave you was a GeoIP one I use but ASN based ones are no different, rather than containing a country's IP range it contains a company's IP range.
-
@su30mki said in Custom aliases using domain name:
I want to block facebook to one vlan and another vlan requires facebook access.. How do I do it?
First of all, you have to configure your vlan.
After that, you have to create an ACL in order to provide internet access to one vlan and block it in the other vlans.
Remember to set your device as a “Layer 3” device.