pfblocker blocks security.debian.org



  • Hi, I am trying to tell pfblocker to not block the security patch address.
    The entry in the dnsbl alert task looks strange:

    segwg.JPG

    A whitelist entry for TLD and DNSBL has been added and DNSBL got reloaded. Any hint where to search?

    gfntz.JPG



  • Put debian.org instead of security.debian.org in the TLD exclusion list, remove .debian.org and security.debian.org from Whitelist, Force Reload DNSBL.

    Access the site, then see what Alert is showing. You can then use the Alerts tab "+" icon to whitelist what's needed.



  • Followed your instructions, but still the same.
    I do not get a plus sign to add it. See 1st screenshot.



  • Well, did you look at pfblockerng.log to see what is done? Do you see debian anywhere in the processing? Do you have TLD enabled?



  • TLD Whitelist debian.org|128.31.0.62

    yes, it is included
    yes, TLD enabled



  • Well from what you typed debian.org is still in the DNSBL Whitelist...



  • To find out the feed for debian, do this in a Shell cmd

    grep "debian.org" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /usr/local/pkg/pfblockerng/dnsbl_tld
    


  • @RonpfS
    Sorry to ask, but how do I do it?
    Via execute command (browser UI?)
    or do I need to open up an SSH session?



  • Diagnostics / Command prompt is one way.



  • @RonpfS said in pfblocker blocks security.debian.org:

    grep "debian.org" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /usr/local/pkg/pfblockerng/dnsbl_tld

    safgsg.JPG



  • @RonpfS said in pfblocker blocks security.debian.org:

    grep "debian.org" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /usr/local/pkg/pfblockerng/dnsbl_tld

    It doesn't seem you have debian.org in any DNSBL group....
    Add the dnsblalias/* to the grep :

    grep "debian.org" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/db/pfblockerng/dnsblalias/*  /usr/local/pkg/pfblockerng/dnsbl_tld
    

    Do you have it in any DNSBL Custom_List ?

    Why don't you post pfblockerng.log so we can put some light on your issue.



  • The log is just too big to post it in this forum, here is one run attached:
    log.txt



  • You can also zip the log.

    For all those URLs that gave you an SSL certificate problem, change the State from ON to FLEX. Then run a Force Reload DNSBL.

    You also have a problem with your DNSBL Whitelist

    TLD:
    
     TLD Whitelist - Missing data | heise.de/ | a.root-servers.net. nstld.verisign-grs.com. 2019041401 1800 900 604800 86400 |
     TLD Whitelist web.de|82.165.230.17
    
     TLD Whitelist - Missing data | malwaredb.malekal.com | ns1.gandi.net. hostmaster.gandi.net. 1552922405 10800 3600 604800 10800 |
     TLD Whitelist maxmind.com|104.16.38.47
    
     TLD Whitelist - Missing data | reputation.alienvault.com | reputation.alienvault.io. |
     TLD Whitelist rules.emergingthreats.net|204.12.217.19
    
     TLD Whitelist - Missing data | login.live.com | login.msa.akadns6.net. |
     TLD Whitelist debian.org|128.31.0.62
     Blocking full TLD/Sub-Domain(s)... |cdn2.spiegel.de|cp.abbp1.com| completed
    

    Fix that first, click on the blue Infoblock to get it right. Again, a Force Reload DNSBL for the change to take effect.



  • Thanks for your support,
    will try to fix that and come back tomorrow.
    One loading round takes about 20 minutes.



  • Well, you probably have too many URLs.
    Do you really need all the EasyList languages?

    Also, you are using some tables that haven't changed since 2014: May 20 2014 Malekal_Hosts

    Review the log files to detect issues.
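
Added example, not part of the thread and not pfBlockerNG's own code: a small shell filter that lists the `TLD Whitelist` lines of a pfblockerng.log so the `Missing data` entries called out above stand out. The function names, the status labels and the host-name syntax check are this example's own assumptions; the sample input is copied from the log excerpt quoted earlier.

```shell
#!/bin/sh
# Added example (not pfBlockerNG code): summarise "TLD Whitelist" lines from
# pfblockerng.log text on stdin as: status <TAB> entry <TAB> detail.

tld_whitelist_report() {
    awk '
    /TLD Whitelist - Missing data/ {
        split($0, f, "|")
        dom = f[2]; gsub(/^[ \t]+|[ \t]+$/, "", dom)
        det = f[3]; gsub(/^[ \t]+|[ \t]+$/, "", det)
        # Syntax check only: an entry should be a bare host name, so a
        # trailing "/" or other stray character is reported as malformed.
        ok = (dom ~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/)
        printf "%s\t%s\t%s\n", (ok ? "missing-data" : "malformed"), dom, det
        next
    }
    /TLD Whitelist [^|]+\|[0-9.]+[ \t]*$/ {
        # Entry that was processed with an address: "domain|ip".
        line = $0
        sub(/^.*TLD Whitelist[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        split(line, f, "|")
        printf "ok\t%s\t%s\n", f[1], f[2]
    }'
}

# Sample input: lines copied from the log excerpt quoted in the thread.
sample_log() {
    cat <<'EOF'
 TLD Whitelist - Missing data | heise.de/ | a.root-servers.net. nstld.verisign-grs.com. 2019041401 1800 900 604800 86400 |
 TLD Whitelist web.de|82.165.230.17
 TLD Whitelist - Missing data | login.live.com | login.msa.akadns6.net. |
 TLD Whitelist debian.org|128.31.0.62
 Blocking full TLD/Sub-Domain(s)... |cdn2.spiegel.de|cp.abbp1.com| completed
EOF
}

sample_log | tld_whitelist_report
```

To use it on a real system, feed the saved log to the function on stdin instead of `sample_log`; every line not reported as `ok` is a whitelist entry to correct before the next Force Reload.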

