DNSBL FEED BLOCKING NOT WORKING
-
Hi, I have set up pfBlockerNG-devel, but when I try to block IPs or domains via a DNSBL feed it's not blocking at all.
Firewall LAN Rule:
Also I am sharing you my PFBLOCKER SETTINGS:
Second Image:
Third Image DNS Resolver:
When I run nslookup it simply passes the traffic; no VIP address is shown.
My System LAN IP: 192.168.61.23
MY System LAN GW: 192.168.61.200
MY System DNS: 192.168.61.200
My PFSENSE LAN IP: 192.168.61.200
MY PFSENSE DNS: 192.168.61.200
MY PFSENSE WAN IP: (Can't show you on this, not allowed)
Here are my WAN Rules:
Can somebody please guide me on what I am doing wrong? Why is it not blocking?
Also nothing is showing on the ALERTS tab. Thanks
-
I see no command output of your "nslookup". I also see no logs of pfBNG-devel showing whether you have any DNSBL lists active and enabled. So beside captain capslock in your topic title, I don't see anything to help you with, instead of just reading my broken crystal ball.
Show the feeds you have subscribed to. Show the lists that have updated. Show us some logs that blacklists have been downloaded and activated. Besides that, shouting "NOT WORKING" is no valid error description.
-
Three comments unrelated to your actual issue:
- Why the WAN rules, and why is https open on the WAN interface? Hope you're port forwarding it.
- Your 3rd LAN rule destination should be either LAN address or This Firewall.
- Your 4th LAN rule won't do anything as traffic will match the rule above it.
Related to the issue:
- If you mouse over pfB_DNSBLIP_v4, does it show any entries?
- What exactly are you trying to block? DNS requests to anything apart from your pfSense device?
-
-
@NogBadTheBad Dude, thanks for your detailed response. I am new to the pfSense firewall. Actually I am trying to block some IPs or domains related to RANSOMWARE, MALWARE, DDOS etc.
Can you please guide me on how to do it? Via DNS, or any other way? I have followed multiple videos on YouTube and followed the instructions as he guided, but I am surprised to see that his settings work perfectly while mine don't? :(
-
@NogBadTheBad I am trying to block both incoming and outgoing bad IP or domain traffic.
-
@NogBadTheBad Here is the WAN Rules image. I didn't see any IPs like you shared above. See the snapshot.
LAN Rules:
Please help me!!!
-
@faddy0102 said in DNSBL FEED BLOCKING NOT WORKING:
@NogBadTheBad I am trying to block both incoming and outgoing bad IP or domain traffic.
They are blocked by default; no need to have rules on the WAN, the default is deny.
-
There are loads of pfBlocker guides on the internet.
Looks to me like you need to do a few things.
Firewall -> pfBlockerNG -> IP, in the IP Interface/Rules Configuration:
Set Inbound Firewall Rules to the WAN interface.
Set Outbound Firewall Rules to the local LAN interface / interfaces.
Then look at why the pfBlocker rules you're creating aren't adding any IP addresses.
Show pfB_DNSBLIP.
-
@NogBadTheBad Thanks man, it's working now.
Much appreciated..!!!
-
@NogBadTheBad
Now the second part is that I need to throw all deny-list data to a 3rd-party platform, for visibility into the logs on a monthly basis. Is there any mechanism to throw pfBlocker data to another platform (API, Syslog etc.)?
Please suggest!!
-
You can't syslog pfBlocker events.
But you could syslog everything from pfSense and filter in syslog on the rule ID; it's a bit of a kludge.
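The "filter on the rule ID" approach above, worked through as an added example (this is not code from the thread or from the pfBlockerNG project). It parses pfSense filterlog lines as they arrive over syslog and keeps only block events whose tracker ID belongs to pfBlockerNG. The sample log lines are constructed for the example; the field order follows the pfSense filterlog CSV format. The assumption that pfBlockerNG tracker IDs begin with `1770` is the example's own, so check the tracker IDs in your ruleset and adjust `PFB_TRACKER_PREFIX` to match.

```python
import re
from collections import Counter

# Constructed sample syslog lines in pfSense filterlog CSV format (not from the thread).
# Field order: rule,sub-rule,anchor,tracker,iface,reason,action,dir,ipver,... then
# IPv4: tos,ecn,ttl,id,offset,flags,proto-id,proto,len,src,dst,sport,dport,...
# IPv6: class,flow-label,hop-limit,proto,proto-id,len,src,dst,sport,dport,...
SAMPLE_LOG = """\
Mar 14 15:50:21 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,198.51.100.7,192.168.61.200,51234,443,0,S,1234567890,,65535,,mss;sackOK
Mar 14 15:50:22 pfSense filterlog[12345]: 88,,,1770000105,igb0,match,block,in,4,0x0,,55,0,0,DF,6,tcp,60,203.0.113.9,192.168.61.200,44321,443,0,S,2234567890,,65535,,mss
Mar 14 15:50:23 pfSense filterlog[12345]: 91,,,1770000205,igb1,match,block,out,4,0x0,,64,0,0,DF,17,udp,78,192.168.61.23,203.0.113.50,51000,53,58
Mar 14 15:50:24 pfSense filterlog[12345]: 4,,,1000000102,igb1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.61.23,192.168.61.200,52000,53,0,S,3234567890,,65535,,mss
Mar 14 15:50:25 pfSense filterlog[12345]: 92,,,1770000206,igb1,match,block,out,6,0x00,0x00000,64,tcp,6,60,2001:db8::23,2001:db8:ffff::50,52001,443,0,S,4234567890,,65535,,mss
"""

# Assumption (example's own): pfBlockerNG-devel firewall rules carry tracker IDs
# starting with 1770. Verify against your ruleset and change this prefix if needed.
PFB_TRACKER_PREFIX = "1770"

_FILTERLOG = re.compile(r"filterlog(?:\[\d+\])?:\s*(?P<csv>.*)$")


def parse_filterlog(line):
    """Return a dict of the interesting filterlog fields, or None if not a filterlog line."""
    m = _FILTERLOG.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 9:
        return None
    rec = {
        "rule": f[0], "tracker": f[3], "iface": f[4], "reason": f[5],
        "action": f[6], "dir": f[7], "ipver": f[8],
    }
    try:
        if rec["ipver"] == "4":
            rec["proto"], rec["src"], rec["dst"] = f[16], f[18], f[19]
            ports = f[20:22]
        elif rec["ipver"] == "6":
            rec["proto"], rec["src"], rec["dst"] = f[12], f[15], f[16]
            ports = f[17:19]
        else:
            return None
    except IndexError:
        return None  # truncated line: drop rather than misattribute fields
    # Ports exist only for TCP/UDP; ICMP and others have no port columns.
    if rec["proto"] in ("tcp", "udp") and len(ports) == 2:
        rec["sport"], rec["dport"] = ports
    else:
        rec["sport"] = rec["dport"] = None
    return rec


def is_pfblocker(rec, prefix=PFB_TRACKER_PREFIX):
    """True when the rule's tracker ID marks it as a pfBlockerNG-generated rule."""
    return rec["tracker"].startswith(prefix)


def pfblocker_blocks(log_text):
    """Keep only block events produced by pfBlockerNG rules."""
    out = []
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if rec and is_pfblocker(rec) and rec["action"] == "block":
            out.append(rec)
    return out


def summarize(records):
    """Count hits per (direction, tracker) so each feed's rule can be reported monthly."""
    return Counter((r["dir"], r["tracker"]) for r in records)


if __name__ == "__main__":
    hits = pfblocker_blocks(SAMPLE_LOG)
    for r in hits:
        print(f'{r["dir"]:3} {r["iface"]} {r["tracker"]} {r["proto"]} '
              f'{r["src"]}:{r["sport"]} -> {r["dst"]}:{r["dport"]}')
    for (direction, tracker), n in summarize(hits).items():
        print(f"{direction} rule {tracker}: {n} block(s)")
```

Feed the script the filterlog lines your syslog server already collects; the tracker ID (not the mutable rule number) is the stable key, because pfSense renumbers rules on every ruleset reload while pfBlockerNG keeps its tracker IDs. Remember that this only sees the IP-list firewall blocks; DNSBL hits are answered by Unbound with the VIP and never reach the packet filter log.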
-
@NogBadTheBad Hi, can you please tell me which software you are using for monitoring these logs? Any suggested link? It would be a great help for me.
Thanks
-
That output is from my network attached storage; I send my pfSense logs via syslog to it. It's not great.
-
@NogBadTheBad Okay brother, thanks. I am using Kiwi Syslog for tracking this.