Netgate Discussion Forum

    DNSBL FEED BLOCKING NOT WORKING

    pfBlockerNG
    15 Posts 3 Posters 1.7k Views
    • JeGr LAYER 8 Moderator

      I see no command output of your "nslookup". I also see no logs of pfBNG-devel if you have any DNSBL lists active and enabled. So beside captain capslock in your topic title, I don't see anything to help you instead of just reading my broken crystal ball.

      Show the feeds you have subscribed to. Show the lists that have updated. Show us some logs that blacklists have been downloaded and activated. Besides that, shouting "NOT WORKING" is no valid error description.

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      • NogBadTheBad

        Three comments unrelated to your actual issue:-

        1. Why the WAN rules, and why is https open on the WAN interface? Hope you're port forwarding it.

        2. Your 3rd LAN rule destination should be either LAN address or This Firewall.

        3. Your 4th LAN rule won't do anything as traffic will match the rule above it.

        Related to the issue:-

        1. If you mouse over pfB_DNSBLIP_v4 does it show any entries?

        Screenshot 2019-09-11 at 15.48.57.png

        2. What exactly are you trying to block, DNS requests to anything apart from your pfSense device?

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • faddy0102 @NogBadTheBad

          @NogBadTheBad Dude, thanks for your detailed response. I am new to the pfSense firewall. Actually, I am trying to block some IPs or domains related to ransomware, malware, DDoS, etc.

          Can you please guide me on how to do it? Via DNS, or some other way? I have followed multiple videos on YouTube and followed the instructions as he guided, but I am surprised to see that his settings work perfectly but mine don't. :(

          • faddy0102 @NogBadTheBad

            @NogBadTheBad I am trying to block both incoming and outgoing bad IPs or domain traffic.

                • faddy0102 @NogBadTheBad

                @NogBadTheBad Here is the WAN rules image. I didn't see any IPs like you shared above. See the snapshot:
                [image]

                [image]

                LAN Rules:
                [image]

                [image]

                Please help me!!!

                • NogBadTheBad @faddy0102

                  @faddy0102 said in DNSBL FEED BLOCKING NOT WORKING:

                  @NogBadTheBad I am trying to block both incoming and outgoing bad IPs or domain traffic.

                  They are blocked by default; no need to have rules on the WAN, the default is deny.

                  Andy

                  • NogBadTheBad

                    There are loads of pfBlocker guides on the internet.

                    Looks to me like you need to do a few things.

                    Firewall -> pfBlockerNG -> IP in the IP Interface/Rules Configuration.

                    Set Inbound Firewall Rules to the WAN interface.

                    Set Outbound Firewall Rules to the Local LAN interface / interfaces

                    Screenshot 2019-09-11 at 16.52.35.png

                    Then look at why the pfBlocker rules you're creating aren't adding any IP addresses.

                    Show pfB_DNSBLIP.

                    Andy

                    • faddy0102 @NogBadTheBad

                      @NogBadTheBad Thanks man, it's working now ☺

                      Much appreciated!!!

                      • faddy0102 @NogBadTheBad

                        @NogBadTheBad
                        Now the second part is that I need to throw all deny list data to a 3rd party platform for visibility of logs on a monthly basis.

                        Is there any mechanism to throw pfBlocker data to another platform (API, syslog, etc.)?

                        [image]

                        Please suggest!!

                        • NogBadTheBad

                          You can't syslog pfblocker events.

                          But you could syslog everything from pfSense and filter in syslog on the rule ID, it's a bit of a kludge.

                          Screenshot 2019-09-12 at 11.59.57.png

                          Screenshot 2019-09-12 at 11.59.28.png

                          Andy

                          F 1 Reply Last reply Reply Quote 1
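Added example, not part of NogBadTheBad's post and not pfSense or pfBlockerNG code: one way to do the "filter on the rule ID" step on the syslog receiver, counting blocks per month and remote address. It assumes the comma-separated filterlog layout with the rule tracker ID in the fourth field; the tracker IDs, host name and log lines below are constructed, so substitute the IDs of your own pfBlockerNG rules.

```python
import csv
import re
from collections import Counter

# Assumption: tracker IDs of the pfBlockerNG-generated rules, read from your
# own firewall rules. These two values are constructed for the example.
PFB_TRACKERS = {"1770000001", "1770000002"}

# Constructed sample of forwarded filterlog lines (BSD syslog, so no year).
SAMPLE = """\
Sep 12 11:58:01 fw filterlog: 9,,,1770000001,igb0,match,block,in,4,0x0,,52,4711,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51514,443,0,S,1,,64240,,mss
Sep 12 11:58:09 fw filterlog: 12,,,1770000002,igb1,match,block,out,4,0x0,,63,0,0,DF,17,udp,71,192.168.1.20,203.0.113.99,40000,53,51
Sep 12 11:59:30 fw filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,240,1,0,none,6,tcp,40,192.0.2.55,198.51.100.2,4444,23,0,S,1,,1024,,
Sep 13 02:10:44 fw filterlog: 9,,,1770000001,igb0,match,block,in,6,0x00,0x00000,58,tcp,6,40,2001:db8::bad,2001:db8::1,50000,22,0,S,1,,1024,,
Oct 01 00:00:03 fw filterlog: 9,,,1770000001,igb0,match,block,in,4,0x0,,52,4712,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51600,443,0,S,1,,64240,,mss
garbage line that is not filterlog
"""

# Month, day, time, host, then the filterlog payload.
LINE_RE = re.compile(r"^(\w{3})\s+\d+\s+[\d:]+\s+\S+\s+filterlog(?:\[\d+\])?:\s+(.*)$")

def parse_line(line):
    """Return a dict for one filterlog line, or None if it cannot be parsed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    month, payload = m.groups()
    f = next(csv.reader([payload]))
    if len(f) < 9 or f[8] not in ("4", "6"):
        return None
    # The source address sits at a different offset for IPv4 and IPv6 records.
    src_idx = 18 if f[8] == "4" else 15
    if len(f) <= src_idx + 1:
        return None
    return {"month": month, "tracker": f[3], "iface": f[4], "action": f[6],
            "dir": f[7], "src": f[src_idx], "dst": f[src_idx + 1]}

def monthly_report(text, trackers=PFB_TRACKERS):
    """Count blocks by (month, direction, remote address) for the given rule IDs."""
    report = Counter()
    for line in text.splitlines():
        ev = parse_line(line)
        if ev and ev["tracker"] in trackers and ev["action"] == "block":
            # Inbound blocks: the remote party is the source; outbound: the destination.
            remote = ev["src"] if ev["dir"] == "in" else ev["dst"]
            report[(ev["month"], ev["dir"], remote)] += 1
    return report
```

Because BSD-style syslog timestamps carry no year, archive or rotate the received log per year before running a monthly count over it.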
                            • faddy0102 @NogBadTheBad

                            @NogBadTheBad Hi, can you please tell me which software you are using for monitoring these logs? Any suggested link? It will be a great help for me.

                            Thanks

                            • NogBadTheBad

                              That output is from my network attached storage, I send my pfSense logs via syslog to it, it's not great.

                              Andy

                              • faddy0102 @NogBadTheBad

                                @NogBadTheBad Okay brother, thanks. I am using Kiwi Syslog for tracking this.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.