Is there a quick way to query or determine which list contains a blocked IP or DNS entry?



  • As I'm tuning pfblockerNG-devel it seems like there's a missed opportunity to query the local db to find out who's blocking a certain target.

    e.g. google.com is blocked in the basic feeds. I whitelisted only those URLs needed for things to work like account login, maps, id management, drive, and left the rest of the tracers and ad servers to be blocked.

    It would have been nice to have a quick way to see which feed has it included.



  • @lohphat

    Not sure if there's a way to query the local db, but as you may have already discovered, the Alert log shows which feed a particular block came from. Then within the Alert log there's a couple of options to whitelist with a click or two.



  • Try this :

    grep "maxmind.com" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/unbound/pfb_dnsbl.conf /usr/local/pkg/pfblockerng/dnsbl_tld
    

    it provides some more info about pfblockerNG db.