DNSBL FEED BLOCKING NOT WORKING
-
Three comments unreleated to your actual issue:-
-
Why the WAN rules and why is https open on the WAN interface, hope your port forwarding it.
-
Your 3rd LAN rule destination should be either LAN address or This Firewall.
-
Your 4th LAN rule won't do anything as traffic will match the rule above it.
Related to the issue:-
- If you mouse over pfB_DNSBLIP_v4 does it show any entries.
- What exactly are you trying to block, DNS requests to anything apart from your pfSense device.
-
-
@NogBadTheBad Dude thanks for your detail response. I am new with PFSENSE firewall, Actually i am try to block some IP`s or domain related to RANSOMWARE , MALWARES , DDOS etc.
Can you please guide how i done it? via DNS ? or any other way i have followed multiple videos on Youtube and follow the instruction as he guided but i am surprise to see this his settings working perfectly but mine doesnt? :(
-
@NogBadTheBad I am trying to block incoming and outgoing both bad IP`s or domain traffic.
-
This post is deleted! -
@NogBadTheBad Here is WAN Rules image , I didnt see any IP`s like you shared above. See the snapshot
LAN Rules:
Please help me !!!
-
@faddy0102 said in DNSBL FEED BLOCKING NOT WORKING:
@NogBadTheBad I am trying to block incoming and outgoing both bad IP`s or domain traffic.
They are blocked by default no need to have rules on the WAN the default is deny.
-
There are loads of pfBlocker guides on the internet.
Looks to me like you need to do a few things.
Firewall -> pfBlockerNG -> IP in the IP Interface/Rules Configuration.
Set Inbound Firewall Rules to the WAN interface.
Set Outbound Firewall Rules to the Local LAN interface / interfaces
Then look at why the pfBlocker rules your creating aren't adding any ip addresses.
Show pfB_DNSBLIP.
-
@NogBadTheBad Thanks Man its working now
Much Appreciated ..!!!
-
@NogBadTheBad
Now the second part is i need to through all deny list data to 3rd party platform for visibility to logs on monthly basis.Is there any mechanism to through PF-BLOCKER data to other platform like (API , Syslog etc.)
Please suggest.!!
-
You can't syslog pfblocker events.
But you could syslog everything from pfSense and filter in syslog on the rule ID, it's a bit of a kludge.
-
@NogBadTheBad Hi, Can you please tell me which software are you using for monitoring these logs? Any suggested link ?? It will great help for me.
Thanks
-
That output is from my network attached storage, I send my pfSense logs via syslog to it, it's not great.
-
@NogBadTheBad Okay Brother Thanks i am using Kiwi Syslog for tracking this.