Netgate Discussion Forum

    DNSBL FEED BLOCKING NOT WORKING

    • F
      faddy0102 @NogBadTheBad

      @NogBadTheBad Dude, thanks for your detailed response. I am new to the pfSense firewall. Actually, I am trying to block some IPs or domains related to ransomware, malware, DDoS, etc.

      Can you please guide me on how to do it? Via DNS, or some other way? I have followed multiple videos on YouTube and followed the instructions as he guided, but I am surprised to see that his settings work perfectly but mine don't. :(

      • F
        faddy0102 @NogBadTheBad

        @NogBadTheBad I am trying to block both incoming and outgoing bad IP or domain traffic.

          • F
            faddy0102 @NogBadTheBad

            @NogBadTheBad Here is the WAN rules image. I didn't see any IPs like you shared above. See the snapshot.

            LAN Rules:

            Please help me!

            • NogBadTheBadN
              NogBadTheBad @faddy0102

              @faddy0102 said in DNSBL FEED BLOCKING NOT WORKING:

              > @NogBadTheBad I am trying to block both incoming and outgoing bad IP or domain traffic.

              They are blocked by default; there is no need to have rules on the WAN, the default is deny.

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

              • NogBadTheBadN
                NogBadTheBad

                There are loads of pfBlocker guides on the internet.

                Looks to me like you need to do a few things.

                Firewall -> pfBlockerNG -> IP in the IP Interface/Rules Configuration.

                Set Inbound Firewall Rules to the WAN interface.

                Set Outbound Firewall Rules to the Local LAN interface / interfaces

                Screenshot 2019-09-11 at 16.52.35.png

                Then look at why the pfBlocker rules you're creating aren't adding any IP addresses.

                Show pfB_DNSBLIP.

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                • F
                  faddy0102 @NogBadTheBad

                  @NogBadTheBad Thanks man, it's working now ☺

                  Much appreciated!

                  • F
                    faddy0102 @NogBadTheBad

                    @NogBadTheBad
                    Now the second part is that I need to throw all deny-list data to a third-party platform for visibility into the logs on a monthly basis.

                    Is there any mechanism to throw pfBlocker data to another platform (API, syslog, etc.)?


                    Please suggest!

                    • NogBadTheBadN
                      NogBadTheBad

                      You can't syslog pfblocker events.

                      But you could syslog everything from pfSense and filter in syslog on the rule ID, it's a bit of a kludge.

                      Screenshot 2019-09-12 at 11.59.57.png

                      Screenshot 2019-09-12 at 11.59.28.png

                      Andy

                      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
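
The filtering approach described in the post above, as an added example that is not from the thread: it assumes the "rule ID" is the tracker ID carried in the fourth field of pfSense's `filterlog` CSV lines, and the host name, tracker values and addresses in the sample are constructed.

```python
from collections import Counter

# Constructed syslog lines in pfSense filterlog CSV layout; the host name,
# tracker IDs and addresses (documentation ranges) are made up for this example.
SAMPLE = [
    "Sep 12 11:59:01 fw filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,51234,443,0,S,1234567,,64240,,mss",
    "Sep 12 11:59:02 fw filterlog[4242]: 82,,,1770001234,igb1,match,block,out,4,0x0,,127,4242,0,DF,6,tcp,52,192.168.1.20,198.51.100.99,50111,80,0,S,7654321,,8192,,mss",
    "Sep 12 11:59:03 fw filterlog: 82,,,1770001234,igb1,match,block,out,4,0x0,,127,4243,0,none,17,udp,71,192.168.1.21,198.51.100.99,53000,53,51",
    "Sep 12 11:59:04 fw filterlog: 82,,,1770001234,igb1,match,block,out,6,0x00,0x00000,64,UDP,17,40,2001:db8::20,2001:db8:ffff::1,53001,53,40",
    "Sep 12 11:59:05 fw filterlog: 90,,,1770005678,igb1,match,pass,out,4,0x0,,127,4244,0,DF,6,tcp,52,192.168.1.20,203.0.113.50,50112,443,0,S,1111,,8192,,mss",
    "Sep 12 11:59:06 fw php-fpm[123]: /index.php: Successful login",
]

# Index of the source address in IPv4 / IPv6 records; the destination follows it.
SRC_FIELD = {"4": 18, "6": 15}

def parse_filterlog(line):
    """Return the fields of interest from a filterlog line, or None for anything else."""
    _, found, rest = line.partition(" filterlog")
    if not found:
        return None                      # some other daemon's message
    f = rest.partition(": ")[2].split(",")
    if len(f) < 9 or f[8] not in SRC_FIELD:
        return None                      # truncated line or unknown IP version
    i = SRC_FIELD[f[8]]
    if len(f) <= i + 1:
        return None
    return {"tracker": f[3], "iface": f[4], "action": f[6],
            "direction": f[7], "src": f[i], "dst": f[i + 1]}

def blocked_by_tracker(lines, trackers):
    """Count block events per (tracker, direction, src, dst) for the given tracker IDs."""
    hits = Counter()
    for line in lines:
        rec = parse_filterlog(line)
        if rec and rec["action"] == "block" and rec["tracker"] in trackers:
            hits[(rec["tracker"], rec["direction"], rec["src"], rec["dst"])] += 1
    return hits

if __name__ == "__main__":
    # 1770001234 stands in for the tracker ID of a pfBlockerNG-created rule.
    for key, n in blocked_by_tracker(SAMPLE, {"1770001234"}).most_common():
        print(n, *key)
```

The tracker IDs to pass in are the ones shown for the pfBlockerNG-generated rules on the firewall; the rest of the syslog stream is ignored.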

                      • F
                        faddy0102 @NogBadTheBad

                        @NogBadTheBad Hi, can you please tell me which software you are using for monitoring these logs? Any suggested link? It will be a great help for me.

                        Thanks

                        • NogBadTheBadN
                          NogBadTheBad

                          That output is from my network attached storage, I send my pfSense logs via syslog to it, it's not great.

                          Andy

                          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                          • F
                            faddy0102 @NogBadTheBad

                            @NogBadTheBad Okay brother, thanks. I am using Kiwi Syslog for tracking this.
