pfBlockerNG not working
-
Hello, I have been using pfSense for 2 weeks. I have trouble using pfBlockerNG; I followed the instructions in this YouTube link: https://www.youtube.com/watch?v=QwFpMwXEK5w
But I don't understand why pfBlockerNG doesn't work, please help me.
https://imgur.com/VTtAH9V
https://imgur.com/AyUl4Bt
https://imgur.com/ENMSOsH
https://imgur.com/yJy4szr
https://imgur.com/eILLQaZ
https://imgur.com/868TMsq
https://imgur.com/ie64I9g
https://imgur.com/p2rRlmY -
@MrPutin, Try this tutorial:
https://www.linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/ -
@BBcan177
I followed the links you sent, but it still doesn't work
https://ibb.co/ypZsWXz -
What problem are you having? I can't diagnose without any relevant information? Logs? Description?
-
@BBcan177
Let me know what information you need and how to get that information. I have been using pfSense for 2 weeks - sorry if it takes your time -
What are you trying to accomplish? IP and DNSBL (Domain) blocking?
For DNSBL, you need to make sure that your LAN devices have their DNS setting set to pfSense only, and no other DNS server.
Go to the pfBlockerNG Log Browser tab and review the pfblockerng.log and error.log.
Run a "Force Reload All" and post the output here. -
- I have a DC server: DHCP and DNS server - 192.168.2.1, 2 WANs
- pfSense - I have: OpenVPN, DHCP relay, DNS Resolver, and pfBlockerNG-devel
I am sending you the log and photos
-
If you have an AD/DHCP/DNS server, then make sure that all LAN devices are pointing their DNS settings to your AD/DNS server. Then set the AD DNS server "Forwarder" to pfSense, so that DNSBL can filter those requests.
-
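An added example, not part of the original thread or of pfBlockerNG: a small check for the forwarder advice above, asking each DNS server in the client → AD DNS → pfSense chain for a domain from one of your feeds and reporting whether the answer is the DNSBL sinkhole. It assumes `dig` is installed and that the sinkhole is pfBlockerNG's default VIP 10.10.10.1 (or 0.0.0.0 with null blocking); the script name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): ask each DNS server in the chain
# client -> AD DNS (192.168.2.1 in the thread) -> pfSense for a domain that is
# on one of your DNSBL feeds, and report whether the answer is the sinkhole.
# Assumptions: sinkhole is the pfBlockerNG default VIP 10.10.10.1, or 0.0.0.0
# when null blocking is used; override SINKHOLE_V4 if you changed the VIP.
SINKHOLE_V4="${SINKHOLE_V4:-10.10.10.1}"

# classify_answer "<output of dig +short>" -> sinkholed | not-filtered | no-answer
classify_answer() {
    ca_seen_ip=0
    while IFS= read -r ca_line; do
        case "$ca_line" in
            "$SINKHOLE_V4"|0.0.0.0) echo sinkholed; return 0 ;;
            *[!0-9.]*|"") ;;            # CNAME target, error text or blank line
            *) ca_seen_ip=1 ;;          # a real IPv4 answer came back
        esac
    done <<EOF
$1
EOF
    if [ "$ca_seen_ip" -eq 1 ]; then echo not-filtered; else echo no-answer; fi
}

# check_resolver <resolver-ip> <domain>: prints one result line per resolver
check_resolver() {
    cr_answer=$(dig +short +time=2 +tries=1 A "$2" @"$1" 2>/dev/null)
    printf '%-16s %s\n' "$1" "$(classify_answer "$cr_answer")"
}

# Usage: sh dnsbl_path_check.sh <listed-domain> <resolver-ip> [<resolver-ip> ...]
# e.g. pass the AD DNS server, the pfSense LAN address and any other DNS
# server a client might have configured.
if [ "$#" -ge 2 ]; then
    domain=$1; shift
    for resolver in "$@"; do check_resolver "$resolver" "$domain"; done
fi
```

A `not-filtered` result from the AD DNS server while pfSense itself reports `sinkholed` points at the forwarder setting or at an answer still cached on the AD server.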
@BBcan177
Then set the AD DNS server "Forwarder" to pfSense, so that DNSBL can filter those requests. >>>This is my silly mistake, thank you very much for your help !!! -
@MrPutin I am facing the same problem, could you please guide me as well? I am using pfSense as my DNS server but still can't make it work. Also I have VPN configured IPsec and LAN2 .. maybe that's causing the problem..
-
@shoaib said in pfBlockerNG not working:
also I have VPN configured IPsec and LAN2 .. maybe that's causing the problem..
Well ????
Ditch that VPN and IPsec and re-test.
If not,
@shoaib said in pfBlockerNG not working:
same problem
This was already solved :
@BBcan177 said in pfBlockerNG not working:
What problem are you having? I can't diagnose without any relevant information? Logs? Description?
-
@BBcan177
I am having an issue where my local machine is not redirecting all dns traffic to local host. I have the firewall rules in place as per instructions to catch all other outbound dns requests other than local dns but it doesn't block. Just wondering if you can assist? -
Hi, I have a similar problem and setup.
I'm using DNSBL with a few block lists. I followed this setup guide.
My main concern is blocking porn as I have kids at home.
In my tests yesterday, some websites were blocked and some that are clearly in the lists were not.
Today I enabled DNSBL again without really making any changes (apart from the daily pfSense reboot) and now porn sites are blocked.
I'll shed more details on the problem and my setup:
An example site is porn(h)ub. It is in the block list but I could still browse it.
Here are screenshots of my setup:
https://imgur.com/a/P3ADnd8 -
@UWLane said in pfBlockerNG not working:
I am having an issue where my local machine is not redirecting all dns traffic to local host. I have the firewall rules in place as per instructions to catch all other outbound dns requests other than local dns but it doesn't block. Just wondering if you can assist?
What's that to do with pfBlocker? If your local machine is not "redirecting" all dns traffic to localhost(? what do you mean by that?) - there's nothing pfsense or pfblocker can do.
You can catch DNS and DoT requests with the firewall and redirect it to pfsense so unbound is used but if your client uses some sort of DoH (DNS over HTTPS) there's nothing pfsense, pfblocker or anyone can do besides you stop your client using that application/setting.
-
This :
conflicts with this :
Please read again the "fine print" :
Also :
which opens the way to :
A DNS request that exists on ("in") pfSense can go to 127.0.0.1 - Unbound or Dnsmasq (the forwarder), whoever is serving DNS,
Or
to 185............. (why did you hide this IP ?)
or
to 195............. (why did you hide this IP ?)
185........ and 195...... do also DNSBL for you ? If so, do you control 'them' ?
@malf0rmedZ said in pfBlockerNG not working:
I followed this setup guide.
Re read this :
I guess you understand now what this means ;)
@malf0rmedZ said in pfBlockerNG not working:
In my tests yesterday, some websites were blocked and some that are clearly in the lists were not.
What web sites ?
Which feeds ? -
@Gertjan, thanks for pointing out my misconfigurations, do note that my DNS clients are pointing to the domain controller which uses pfSense as the DNS forwarder (see Windows DNS server screenshot).
I guess I don't fully understand what I should do so if you could please advise that would be much appreciated. Thanks!
-
Check your DHCP server.
Does it hand out the correct DNS info to the (your) LAN network clients ?
If needed, check all these clients, see what DNS they use.
Read this : Home > pfSense Software > DHCP and DNS, the very first thread "Be aware of Trusted Recursive Resolver (TRR) in Firefox", knowing that it's not only Firefox that can do "DoT" .... most browsers - and other applications (!) can do DoT these days.
Which means that "the phone of your kid" can have Apps that don't bother with your "pfBlockerNG - DNSBL", they surpass it completely.
It's like https traffic that cannot be intercepted. This includes the CIA, NSA and KGB (or whatever they call themselves these days).
Blocking outgoing port 853, TCP and UDP might help here, and even forcing to use your DNS - not someone else's DNS. See the pfSense manual.
-
Yes my DHCP clients are getting the correct DNS server address (domain controller with pfSense as the forwarder).
From your response I still don’t understand what I need to correct in my settings. I sent detailed screenshots so all the configuration information is there. “Do 1...2...3....” type instructions would be ideal, I can’t be that far off from the correct settings I would think.
If someone could please assist that would be much appreciated :)
-
@malf0rmedZ said in pfBlockerNG not working:
https://i.imgur.com/FOf0DWd.png
You should click on the Infoblock to get the right settings : The " + " isn't allowed in group name
-
Thanks RonpfS
@bmeeks your unique explanation abilities will be mightily appreciated - if you can assist in distilling the above comments into clear steps I need to take that will be a huge help. Thanks in advance