Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2 Questions: Whitelist and UT1

    Scheduled Pinned Locked Moved pfBlockerNG
    9 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Stewart
      last edited by Stewart

      I'm running the latest pfBlockerNG-devel and pfSense.

      Question 1: I feel like I've asked this question before but not sure and can't find it if I did. I'm trying to whitelist certain domains and IPs so that pfBlocker doesn't scoop them up and block them. When I attempt to create the whitelist I get the warning of:

      4259b088-fe56-4b87-93b4-08cab7c0c1d7-image.png

      I'm sure it's on purpose and is stopping me from doing something stupid. I'm not looking to specifically whitelist these sites in the pfSense firewall, I just don't want them blocked by pfBlocker.

      Question 2: I'm trying to use DNSBL categories from both Shallalist and UT1 but when I try to update the list I get:

      ===[  DNSBL Process  ]================================================
      
       Loading DNSBL Statistics... completed
       Loading DNSBL Whitelist... completed
      
      Downloading Blacklist Database(s) [ ut1 (~8.5MB) ] ... Please wait ...
      	UT1 ... Failed
      
      [ UT1_bitcoin ]			 Downloading update [ 02/19/20 17:10:38 ] .
      [ UT1_bitcoin ] file_get_contents(/var/db/pfblockerng/ut1/ut1_bitcoin): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_bitcoin ] Download FAIL
         Local File Failure
      
      [ UT1_dangerous_material ]	 Downloading update .
      [ UT1_dangerous_material ] file_get_contents(/var/db/pfblockerng/ut1/ut1_dangerous_material): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_dangerous_material ] Download FAIL
         Local File Failure
      
      [ UT1_ddos ]			 Downloading update .
      [ UT1_ddos ] file_get_contents(/var/db/pfblockerng/ut1/ut1_ddos): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_ddos ] Download FAIL
         Local File Failure
      
      [ UT1_dialer ]			 Downloading update .
      [ UT1_dialer ] file_get_contents(/var/db/pfblockerng/ut1/ut1_dialer): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_dialer ] Download FAIL
         Local File Failure
      
      [ UT1_drogue ]			 Downloading update .
      [ UT1_drogue ] file_get_contents(/var/db/pfblockerng/ut1/ut1_drogue): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_drogue ] Download FAIL
         Local File Failure
      
      [ UT1_gambling ]		 Downloading update .
      [ UT1_gambling ] file_get_contents(/var/db/pfblockerng/ut1/ut1_gambling): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_gambling ] Download FAIL
         Local File Failure
      
      [ UT1_hacking ]			 Downloading update .
      [ UT1_hacking ] file_get_contents(/var/db/pfblockerng/ut1/ut1_hacking): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_hacking ] Download FAIL
         Local File Failure
      
      [ UT1_malware ]			 Downloading update .
      [ UT1_malware ] file_get_contents(/var/db/pfblockerng/ut1/ut1_malware): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_malware ] Download FAIL
         Local File Failure
      
      [ UT1_phishing ]		 Downloading update .
      [ UT1_phishing ] file_get_contents(/var/db/pfblockerng/ut1/ut1_phishing): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_phishing ] Download FAIL
         Local File Failure
      
      [ UT1_reaffected ]		 Downloading update .
      [ UT1_reaffected ] file_get_contents(/var/db/pfblockerng/ut1/ut1_reaffected): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_reaffected ] Download FAIL
         Local File Failure
      
      [ UT1_warez ]			 Downloading update .
      [ UT1_warez ] file_get_contents(/var/db/pfblockerng/ut1/ut1_warez): failed to open stream: No such file or directory
      
      
       [ DNSBL_UT1 - UT1_warez ] Download FAIL
         Local File Failure
      

      My totals look like this:

      ===[ DNSBL Domain/IP Counts ] ===================================
      
        169034 total
         31560 /var/db/pfblockerng/dnsbl/AntiSocial_BD.txt
         26277 /var/db/pfblockerng/dnsbl/MDS.txt
         18128 /var/db/pfblockerng/dnsbl/Shallalist_spyware.txt
         14510 /var/db/pfblockerng/dnsbl/Shallalist_gamble.txt
         10951 /var/db/pfblockerng/dnsbl/Shallalist_drugs.txt
          9506 /var/db/pfblockerng/dnsbl/Cameleon.txt
          9209 /var/db/pfblockerng/dnsbl/SFS_Toxic_BD.txt
          8483 /var/db/pfblockerng/dnsbl/hpHosts_ATS.txt
          6693 /var/db/pfblockerng/dnsbl/SWC.txt
          6455 /var/db/pfblockerng/dnsbl/Spam404.txt
          5697 /var/db/pfblockerng/dnsbl/Adaway.txt
          2539 /var/db/pfblockerng/dnsbl/MDS_Immortal.txt
          2399 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
          2285 /var/db/pfblockerng/dnsbl/ISC_SDH.txt
          2006 /var/db/pfblockerng/dnsbl/Shallalist_warez.txt
          1459 /var/db/pfblockerng/dnsbl/D_Me_ADs.txt
          1413 /var/db/pfblockerng/dnsbl/Shallalist_costtraps.txt
          1335 /var/db/pfblockerng/dnsbl/Shallalist_spyware_v4.ip
          1085 /var/db/pfblockerng/dnsbl/Shallalist_fortunetelling.txt
          1052 /var/db/pfblockerng/dnsbl/EasyList.txt
          1050 /var/db/pfblockerng/dnsbl/MDL.txt
          1027 /var/db/pfblockerng/dnsbl/Yoyo.txt
          1017 /var/db/pfblockerng/dnsbl/Shallalist_tracker.txt
           597 /var/db/pfblockerng/dnsbl/Shallalist_hacking.txt
           547 /var/db/pfblockerng/dnsbl/Shallalist_drugs_v4.ip
           450 /var/db/pfblockerng/dnsbl/MVPS.txt
           450 /var/db/pfblockerng/dnsbl/BBC_DC2.txt
           308 /var/db/pfblockerng/dnsbl/Shallalist_hacking_v4.ip
           269 /var/db/pfblockerng/dnsbl/Shallalist_warez_v4.ip
           179 /var/db/pfblockerng/dnsbl/Shallalist_violence.txt
            42 /var/db/pfblockerng/dnsbl/Shallalist_gamble_v4.ip
            22 /var/db/pfblockerng/dnsbl/Shallalist_violence_v4.ip
            15 /var/db/pfblockerng/dnsbl/D_Me_Tracking.txt
            11 /var/db/pfblockerng/dnsbl/Shallalist_tracker_v4.ip
             5 /var/db/pfblockerng/dnsbl/EasyList_v4.ip
             1 /var/db/pfblockerng/dnsbl/Shallalist_costtraps_v4.ip
             1 /var/db/pfblockerng/dnsbl/EasyPrivacy_v4.ip
             1 /var/db/pfblockerng/dnsbl/D_Me_Malv.txt
             0 /var/db/pfblockerng/dnsbl/UT1_warez.fail
             0 /var/db/pfblockerng/dnsbl/UT1_reaffected.fail
             0 /var/db/pfblockerng/dnsbl/UT1_phishing.fail
             0 /var/db/pfblockerng/dnsbl/UT1_malware.fail
             0 /var/db/pfblockerng/dnsbl/UT1_hacking.fail
             0 /var/db/pfblockerng/dnsbl/UT1_gambling.fail
             0 /var/db/pfblockerng/dnsbl/UT1_drogue.fail
             0 /var/db/pfblockerng/dnsbl/UT1_dialer.fail
             0 /var/db/pfblockerng/dnsbl/UT1_ddos.fail
             0 /var/db/pfblockerng/dnsbl/UT1_dangerous_material.fail
             0 /var/db/pfblockerng/dnsbl/UT1_bitcoin.fail
             0 /var/db/pfblockerng/dnsbl/D_Me_Malw.txt
             0 /var/db/pfblockerng/dnsbl/Abuse_URLBL.txt
             0 /var/db/pfblockerng/dnsbl/Abuse_DOMBL.txt
      

      Looks like Shallalist is working but UT1 isn't. Is there a problem with UT1 or are we unable to cross use the 2 lists?

      Thanks for the help!
      Edit: for clarity

      NollipfSenseN 1 Reply Last reply Reply Quote 0
      • NollipfSenseN
        NollipfSense @Stewart
        last edited by

        @Stewart Add the white list here Firewall>pfBlockerNG-DNSBL...the shallalist and the UT1 site might just be down...give it a day or two.
        Screen Shot 2020-02-19 at 7.21.54 PM.png

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        RonpfSR 1 Reply Last reply Reply Quote 0
        • S
          Stewart
          last edited by

          Thanks. That takes care of DNS blocks. What about IP blocks? How do I whitelist those? Is it the IPv4 Suppression section?

          Also, UT1 is still not downloading for me. Is it up for anyone else?

          NollipfSenseN 1 Reply Last reply Reply Quote 0
          • NollipfSenseN
            NollipfSense @Stewart
            last edited by

            @Stewart said in 2 Questions: Whitelist and UT1:

            Thanks. That takes care of DNS blocks. What about IP blocks? How do I whitelist those? Is it the IPv4 Suppression section?

            Also, UT1 is still not downloading for me. Is it up for anyone else?

            That's correct on the IPv4...remember to force reload after you saved. I don't use the UT1 feed so I cannot say...give it a little more time.

            pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
            pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

            1 Reply Last reply Reply Quote 0
            • S
              Stewart
              last edited by

              Well, the DNSBL_Whitelist didn't work for me. Had a site trying to get to na2.docusign.net which is blocked by the Malicious > Antisocial list. We put in na2.docusign.net and docusign.net into the DNSBL_Whitelist area and went to Update > Update > Run but the sites were still blocked. We disabled the antisocial list for now and ran the update and it's working but is it required to run a reload as opposed to an update to get the whitelist updates to take effect?

              NollipfSenseN 1 Reply Last reply Reply Quote 0
              • NollipfSenseN
                NollipfSense @Stewart
                last edited by NollipfSense

                @Stewart said in 2 Questions: Whitelist and UT1:

                but is it required to run a reload as opposed to an update to get the whitelist updates to take effect?

                That's what I said... (remember to force reload after you saved.)...else you just updating the same blocked database with no change. Here, I chose all; however, you can reload just the DNSBL.
                Screen Shot 2020-02-24 at 10.44.58 AM.png

                pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                S 1 Reply Last reply Reply Quote 0
                • S
                  Stewart @NollipfSense
                  last edited by

                  @NollipfSense Thanks. I was just confirming. They needed it up and running right away which is why I shut it off before coming back to check. I'll be switching it back in a couple of hours and wanted to make sure of the process before I do. Looking at that list, though, I'm not sure if I even want it. It blocks OneDrive (and by extension O365 Sharepoint) as well as Docusign. It seems like those are pretty important to many business workloads.

                  1 Reply Last reply Reply Quote 0
                  • RonpfSR
                    RonpfS @NollipfSense
                    last edited by RonpfS

                    @NollipfSense Your Whitlelist should have only domain names, no URLs or http://

                    2.4.5-RELEASE-p1 (amd64)
                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                    NollipfSenseN 1 Reply Last reply Reply Quote 0
                    • NollipfSenseN
                      NollipfSense @RonpfS
                      last edited by

                      @RonpfS said in 2 Questions: Whitelist and UT1:

                      @NollipfSense Your Whitlelist should have only domain names, no URLs or http://

                      That's what I have...see second post...WAIT, I see the mistake...thanks!

                      pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                      pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.