PfblockerNG to block porn
-
Hi,
Previously I've always used Squid/SquidGuard, but after a time away from pfSense I'm trying to use pfBlockerNG to do the same. I'm struggling somewhat though, as I cannot find decent docs. I've installed the dev version of pfBlockerNG from the package manager.
I've enabled pfBlockerNG, DNSBL and TLD. From the DNSBL Category I've enabled the blacklist category, Shallalist (which is specifically set to 'Porn').
When I try to force an update though I am seeing this message in the logs.
'Downloading Blacklist Database(s) [ shallalist (~10MB) ] ... Please wait ...
[ Shallalist_porn ] Downloading update [ 01/13/19 11:47:31 ] .
[ Shallalist_porn ] file_get_contents(/var/db/pfblockerng/shallalist/shallalist_porn): failed to open stream: No such file or directory
[ DNSBL_Shallalist - Shallalist_porn ] Download FAIL
Local File Failure'
Any ideas please? What am I doing wrong?
Thanks in advance
-
https://forum.netgate.com/topic/139517/pfblockerng-devel-category-feed-patch
@yeleek said in PfblockerNG to block porn:
What am I doing wrong?
You're not checking already existing posts before creating your own thread. Don't be lazy/ignorant.
-
Blocking porn is really difficult with DNSBL. There are millions of domains.
This is what you can do:
- Enable the TLD option, and add "xxx" to the TLD Blacklist customlist. Then it will block any domain in the "xxx" TLD.
- In EasyList, there are Adult Popups that are blocked, but that just removes the Adult AD popups, and not the Adult sites themselves.
- A Proxy will be the best option to filter that type of content. SquidBlacklist/UT1 have some Adult categories which list quite a few Adult domains. It’s not foolproof either. Just be careful about MITM SSL issues.
-
Cloudflare offers free porn and malware filtering. Just plug the following DNS servers into pfSense:
1.1.1.3 (IPV4) 2606:4700:4700::1113 (IPV6)
(Make them your only DNS servers, or point your resolver to them.)
Also enable SafeSearch if you're using pfBlockerNG.
The nice thing about this setup is that you don't have to manage any lists: Cloudflare does it for you. (Won't be free forever.)
(It MAY block some pay video sites just because they occasionally offer "adult" content.)
-
@yeleek I believe that the Shallalist feed no longer works. Switch to the Université de Toulouse 1 Capitol - UT1 feed and select the Adult (XXX) category.
-
@CollectiveSoul
Keep in mind:
This message means: don't presume "click and done".
The list is huge. Downloading takes time: it took more than 50 seconds over my close to 1 Gbit/sec connection. This means to me that the hosting server is rather limited. The file weighs 225 Mbytes.
That is 4 and a half million lines / DNSBL !!
These have to be sorted and merged with the other feeds / DNSBL files.
I activated this UT1-XXX feed (only the 'large' one) and then I went to Firewall > pfBlockerNG > Update.
[ Force Reload Task - All ] UPDATE PROCESS START [ v3.2.0_6 ] [ 09/8/23 09:21:15 ] ..... UPDATE PROCESS ENDED [ 09/8/23 09:29:30 ]
8 minutes !!!!
My Netgate 4100 MAX (4 Gbyte of memory) didn't feel happy about it.
So, be warned: when using big lists, keep an eye on your pfSense.
Big iron, big memory advised.
-
I picked up a copy of the last Shallalist from archive.org. I placed it in /var/db/pfblockerng. It seems that it gets deleted every time the update runs, so I set up cron to copy a spare copy of the original to that folder periodically, like at reboot (bc I'm using ramdisks) and before the scheduled update runs.
Also, the Steven Black list works very well.
-
@Gertjan You are certainly correct that the Adult (XXX) category that's available on UT1 is huge. But at least the option is available for those that have the proper firewall hardware for it, while the Shallalist does not seem to be available currently. Archives are an option, but they are mostly outdated since they're no longer updated regularly.
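
Added example, not part of any post in this thread and not pfBlockerNG's own code: a Python sketch of the merge step mentioned above (feeds sorted and merged) combined with the "xxx" TLD Blacklist advice, showing how a TLD block and parent-domain entries shrink a large merged list before it is loaded. The feed contents are constructed, the function names are hypothetical, and it assumes the blocker treats a listed domain as also covering its subdomains.

```python
import re

# Constructed sample feeds (not real list contents).
FEED_A = """# hosts-style feed
0.0.0.0 ads.example.com
0.0.0.0 video.example.xxx
127.0.0.1 localhost
"""
FEED_B = """example.com
Video.Example.XXX
cdn.media.example.net
media.example.net
not a domain!
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_feed(text):
    """Yield normalised domains from hosts-style or one-domain-per-line feeds."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields or len(fields) > 2:
            continue  # blank, comment-only or malformed line
        name = fields[-1].lower().rstrip(".")
        labels = name.split(".")
        # Need at least two valid labels and a non-numeric TLD (rejects bare IPs).
        if (len(labels) >= 2 and all(LABEL.match(l) for l in labels)
                and not labels[-1].isdigit()):
            yield name

def merge_feeds(feeds, tld_blacklist):
    """Merge feeds; drop entries that a blocked TLD or a listed parent covers."""
    tlds = {t.lower().lstrip(".") for t in tld_blacklist}
    unique = set()
    for text in feeds:
        unique.update(parse_feed(text))  # set membership removes duplicates
    kept = []
    # Sort by reversed labels so related names group together (com.example.ads).
    for name in sorted(unique, key=lambda d: d.split(".")[::-1]):
        labels = name.split(".")
        if labels[-1] in tlds:
            continue  # whole TLD is already blocked (e.g. "xxx")
        # Assumption: a listed parent domain also blocks its subdomains.
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if any(p in unique for p in parents):
            continue
        kept.append(name)
    return kept

if __name__ == "__main__":
    print(merge_feeds([FEED_A, FEED_B], ["xxx"]))
```

Comparing the length of the result with and without the TLD blacklist on a real feed gives a rough idea of how many entries the "xxx" TLD rule saves the resolver from holding in memory.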