Blocking Yahoo and Tumblr with pfBlockerNG-devel



  • Hi,
    I'm trying to block Yahoo and Tumblr. None of these domains are getting blocked with pfblockerng.
    nslookup shows

    yahoo.com
    Server: 1.55.168.192.in-addr.arpa
    Address: 192.168.55.1

    Name: yahoo.com
    Address: 10.10.10.1

    tumblr.com
    Server: 1.55.168.192.in-addr.arpa
    Address: 192.168.55.1

    Name: tumblr.com
    Address: 10.10.10.1

    Created IPv4 Deny Both rule for WHOIS. See the screenshot:
    [screenshot: IPv4 Yahoo Block]

    How can I add all ASNs of Yahoo, since there are many? Possibly some are not added, and it might be accessible based on those ASNs.

    Any assistance might be helpful.



  • It looks like you are trying to block domain names using the IP blocking feature.
    Try going to the "DNSBL" tab at the top, and you should find what you are looking for.



  • I have already added yahoo.com in the DNSBL custom list, and I have also blocked the search engine category. Still, https://www.yahoo.com is accessible, but http://yahoo.com is getting blocked.

    What specific config am I missing?
    Also, I have applied Snort OpenAppID rules; nothing stops SSL Yahoo.

    Anything else to be done?



  • Did you run a manual update after adding the DNSBL rules?

    "I have already added yahoo.com in DNSBL custom list, also I have blocked search engine category. Still https://www.yahoo.com is accessible. But http://yahoo.com is getting blocked."

    I'm slightly confused what you meant here, but I assume some other search engine (other than yahoo) is being blocked. That's a good sign that everything is enabled and running correctly. As I recall, you need to check the box to enable pfBlockerNG, check another box to enable DNSBL, then create a DNSBL feed, set it to "Unbound" and add the domain name(s) you want to block in the "Custom Block List" section of the feed setup page. Putting the domain name anywhere else probably will not work. (On the main DNSBL page, there are options for blacklisting TLDs, whitelisting specific domains, etc., none of which will help you for this.) You also need your DNS resolver turned on, and DNS forwarding turned off. Make sure your PC is requesting DNS from pfSense (this is the default), and not reaching out directly to a custom-specified DNS server (which you could have deliberately set).

    Also, probably a stupid suggestion, but you might want to clear your cache, to be sure that you are actually requesting the IP from the DNS. You can flush the Windows DNS cache using "ipconfig /flushdns" in the command line, though your browser may have its own cache as well, so it wouldn't hurt to clear that as well.



  • Hi,
    Thanks, CyberMinion, for the detailed instructions. I have applied all possible configuration to PFBNG and am getting protection as required. The only issue is that Yahoo is not getting blocked. I have flushed the DNS cache and updated several times upon every change in PFBNG.
    I could not find where the Custom Block/Black List is in DNSBL; maybe I'm missing something to add here.

    Even with the DNSBL category for web categorization in the UT1 and Shalla lists, I have selected search engine to block; duckduckgo in this category is getting blocked, but Yahoo seems to work after adding it to block.
    I'm sure I would require something extra to block either
    all Yahoo ASNs, IP addresses (IPv4/v6), or DNS.
    I'm not using TLD selection as I do not have enough memory on the box.

    Any further thoughts?



  • When you successfully get through to yahoo, are you at "www.yahoo.com", or are you on a subdomain? For example, Yahoo Search is "https://search.yahoo.com" which would probably require TLD blocking, though I wonder if you could manually list it in the block list...that might work.

    As for the custom block list, open DNSBL, and go to the "DNSBL Feeds" tab. Click the "Add" button in the lower right. You should get a screen like this:
    [screenshot]
    Add a name, description, and set "list action" to unbound. Then at the bottom, expand the "Custom block list" section, as I have done in this example, and add yahoo.com. You could also try adding in some of their subdomains, like mail.yahoo.com and search.yahoo.com

    Then click the save button, then go run an "update" or "Cron" job:
    [screenshot]
    (mine in this photo is running auto cron jobs)

    That should do it. It is possible that for some reason, yahoo didn't make the blocklist you are using now. If that is the case, this should work.
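
A way to see which of the names discussed above the resolver actually sinkholes, as an added example that is not part of the thread. It assumes 10.10.10.1 is the DNSBL virtual IP and 192.168.55.1 is the pfSense resolver (both taken from the nslookup output in the first post); the sample answers and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumptions: 10.10.10.1 is the DNSBL
# virtual IP and 192.168.55.1 the pfSense resolver, as in the posted nslookup.
DNSBL_VIP="${DNSBL_VIP:-10.10.10.1}"
RESOLVER="${RESOLVER:-192.168.55.1}"

# Read nslookup output on stdin; print sinkholed, not-sinkholed or no-answer.
# The first "Address:" line is the resolver itself, so only addresses after a
# "Name:" line count as answers (incl. Windows "Addresses:" continuation lines).
dnsbl_status() {
  awk -v vip="$DNSBL_VIP" '
    $1 == "Name:" { in_answer = 1; next }
    in_answer {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^[0-9a-fA-F:.]+$/ && $i ~ /[0-9]/) {
          seen = 1
          if ($i == vip) hit = 1; else miss = 1
        }
    }
    END {
      if (!seen) print "no-answer"
      else if (hit && !miss) print "sinkholed"
      else print "not-sinkholed"
    }'
}

# Query the resolver for each hostname and print "<host> <status>".
check_hosts() {
  for host in "$@"; do
    printf '%s %s\n' "$host" "$(nslookup "$host" "$RESOLVER" 2>/dev/null | dnsbl_status)"
  done
}

# Constructed sample: the yahoo.com answer as posted in the thread.
sample_blocked() {
  printf '%s\n' 'Server: 1.55.168.192.in-addr.arpa' 'Address: 192.168.55.1' \
    '' 'Name: yahoo.com' 'Address: 10.10.10.1'
}

# Constructed sample: a subdomain answered with made-up documentation addresses.
sample_open() {
  printf '%s\n' 'Server: 1.55.168.192.in-addr.arpa' 'Address: 192.168.55.1' \
    '' 'Name: www.yahoo.com' 'Addresses: 2001:db8::10' '          203.0.113.10'
}

# Live check only when hostnames are given on the command line.
if [ "$#" -gt 0 ]; then check_hosts "$@"; fi
```

Run from a LAN client with hostnames as arguments, for example `yahoo.com www.yahoo.com search.yahoo.com`; a name reported as not-sinkholed is still being answered with real addresses, which is the case the post above suggests handling with extra entries such as search.yahoo.com or with TLD blocking.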



  • CyberMinion, Thanks again.
    Which PBNG ver are you running? It looks different from mine, pfBlockerNG-devel 2.2.1. Probably due to the ver difference, the latest ver might have new features which I'm missing to apply.
    Though I don't see a new package, I will try your configuration.
    You took time to assist in every possible way. Great Help!!



  • I'm happy to assist, mushtash, though you're right, I'm currently running the prod version: 2.1.4_16

    Anyone else here using the dev version who might know the answer to this question?

