PFblockNG Devel not logging or blocking domains

antoni777

@antoni777

I also reduced the feeds to the bare minimum. And verified they still active.

jdeloach

@antoni777 said in PFblockNG Devel not logging or blocking domains:

@antoni777

I also reduced the feeds to the bare minimum. And verified they still active.

Here is some good reading for using DNSBL in pfBlocker. It also has some good info on how to configure DNSBL in pfBlocker: https://www.linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/

NollipfSense

@antoni777 said in PFblockNG Devel not logging or blocking domains:

This is the only network device I have, no other dns resolvers. Everything else ( APs & switch are behind)

What I mean is your DNS is 192.168.1.1 or whatever custom IP you chose for LAN plus a LAN firewall rule. All devices on your network must have 192.168.1.1 or whatever custom IP for DNS.

antoni777

@NollipfSense
I have different DNS IPs defined in the DHCP settings per network. I use the Clean Browsing DNS servers to block all adult sites for the for the family. i use defaults for all devices in the network. so they get their dns setting from the PfSense DHCP. Do i need a firewall rule per network still to define the DNS?

NollipfSense

@antoni777 said in PFblockNG Devel not logging or blocking domains:

Do i need a firewall rule per network still to define the DNS?

Yes...that way you restrict all LAN devices to use pfSense via port 53 to resolve DNS request. You can use other DNS service on pfSense such as in my case I use OpenDNS.

antoni777

@NollipfSense I'm not well versed with firewall rules yet. In the rule do i need to specify the virtual IP of the PfBlockerNG dns?

NollipfSense

@antoni777 That's why I post the LAN firewall rule about...you can copy and set the rule like that...pay attention to the destination port...be sure it's port 53 from and to... pfSense will use your LAN IP.

antoni777

Good morning,

My apologies it took some time to get back on this issue. I created the rules the ads are gone but the count still showing nothing. I reloaded the package. Should i reinstall it? Also browsing is taking a long time when compared as it was before without the firewall rules.

thanks for your patience.
V/r

NollipfSense

@antoni777 said in PFblockNG Devel not logging or blocking domains:

Good morning,

My apologies it took some time to get back on this issue. I created the rules the ads are gone but the count still showing nothing. I reloaded the package. Should i reinstall it? Also browsing is taking a long time when compared as it was before without the firewall rules.

thanks for your patience.
V/r

Not sure why your browsing experience is slow...should not affect that. You could surely reinstall the package; however, before you do ensure that you check the box to keep settings.

antoni777

UPDATE PROCESS START [ 03/27/20 09:54:27 ]

===[ DNSBL Process ]================================================

Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding

Loading DNSBL Whitelist... completed

[ EasyList ] Downloading update .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

1586 1586 0 0 0 1586

[ EasyPrivacy ] Downloading update [ 03/27/20 09:54:29 ] .. 200 OK.

Whitelist: collector-cdn.github.com
Orig. Unique # Dups # White # TOP1M Final

---

2662 2660 0 1 0 2659

[ Adaway ] Downloading update [ 03/27/20 09:54:38 ] .. 200 OK.
Whitelist: 5726.bapi.adsafeprotected.com|6058.bapi.adsafeprotected.com|6063.bapi.adsafeprotected.com|6067.bapi.adsafeprotected.com|623.bapi.adsafeprotected.com|6539.bapi.adsafeprotected.com|707.bapi.adsafeprotected.com|7093.bapi.adsafeprotected.com|7202.bapi.adsafeprotected.com|7246.bapi.adsafeprotected.com|7250.bapi.adsafeprotected.com|7251.bapi.adsafeprotected.com|7882.bapi.adsafeprotected.com|8328.bapi.adsafeprotected.com|9.bapi.adsafeprotected.com|aax-us-east.amazon-adsystem.com|advertising.apple.com|amidt.adsafeprotected.com|amipm.adsafeprotected.com|anycast.dt.adsafeprotected.com|anycast.fw.adsafeprotected.com|anycast.pixel.adsafeprotected.com|api.adsafeprotected.com|appvast.adsafeprotected.com|banners.itunes.apple.com|bapi.adsafeprotected.com|bs.serving-sys.com|c.amazon-adsystem.com|ca.iadsdk.apple.com|cdn.adsafeprotected.com|cf.iadsdk.apple.com|control.kochava.com|cs.iadsdk.apple.com|daldt.adsafeprotected.com|dalpm.adsafeprotected.com|device-metrics-us-2.amazon.com|dt.adsafeprotected.com|fls-na.amazon.com|fw.adsafeprotected.com|fwapi.adsafeprotected.com|fwvc.adsafeprotected.com|iadmoo.apple.com|iadsdk.apple.com|imp.control.kochava.com|mads.amazon-adsystem.com|mobile-static.adsafeprotected.com|mobile.adsafeprotected.com|nyidt.adsafeprotected.com|nyipm.adsafeprotected.com|pixel.adsafeprotected.com|pm.adsafeprotected.com|px.moatads.com|s.amazon-adsystem.com|secure-gl.imrworldwide.com|sfw.adsafeprotected.com|sjedt.adsafeprotected.com|sjepm.adsafeprotected.com|spixel.adsafeprotected.com|static.adsafeprotected.com|su.iadsdk.apple.com|tr.iadsdk.apple.com|ut.iadsdk.apple.com|vast.adsafeprotected.com|vastpixel.adsafeprotected.com|video.adsafeprotected.com|vpaid.adsafeprotected.com|

Orig. Unique # Dups # White # TOP1M Final

12175 12174 202 66 0 11906

[ Cameleon ] Downloading update .. 200 OK.
Whitelist: 5726.bapi.adsafeprotected.com|6063.bapi.adsafeprotected.com|aax-eu.amazon-adsystem.com|aax-us-east-rtb.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax.amazon-adsystem.com|ads.sourceforge.net|bs.serving-sys.com|c.amazon-adsystem.com|cdn.adsafeprotected.com|dt.adsafeprotected.com|fls-eu.amazon-adsystem.com|fls-na.amazon-adsystem.com|fw.adsafeprotected.com|images-aud.sourceforge.net|ir-de.amazon-adsystem.com|ir-na.amazon-adsystem.com|ir-uk.amazon-adsystem.com|metrics.apple.com|pixel.adsafeprotected.com|pm.adsafeprotected.com|ps-eu.amazon-adsystem.com|ps-us.amazon-adsystem.com|px.moatads.com|rcm-eu.amazon-adsystem.com|rcm-na.amazon-adsystem.com|s.amazon-adsystem.com|secure-gl.imrworldwide.com|securemetrics.apple.com|spixel.adsafeprotected.com|static.adsafeprotected.com|wms-eu.amazon-adsystem.com|wms-na.amazon-adsystem.com|ws-eu.amazon-adsystem.com|ws-na.amazon-adsystem.com|z-na.amazon-adsystem.com|

Orig. Unique # Dups # White # TOP1M Final

20567 20567 1194 36 0 19337

[ D_Me_ADs ] Downloading update [ 03/27/20 09:54:40 ] .. 200 OK.
Whitelist: advertising.apple.com|amazon-adsystem.com|iadsdk.apple.com|pixel.adsafeprotected.com|qwapi.apple.com|

Orig. Unique # Dups # White # TOP1M Final

2701 2701 1019 5 0 1677

[ D_Me_Tracking ] Downloading update [ 03/27/20 09:54:41 ] .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

34 34 16 0 0 18

[ hpHosts_ATS ] Downloading update .. 200 OK.
Whitelist: 5726.bapi.adsafeprotected.com|6058.bapi.adsafeprotected.com|6067.bapi.adsafeprotected.com|623.bapi.adsafeprotected.com|6539.bapi.adsafeprotected.com|707.bapi.adsafeprotected.com|7093.bapi.adsafeprotected.com|7202.bapi.adsafeprotected.com|7246.bapi.adsafeprotected.com|7250.bapi.adsafeprotected.com|7251.bapi.adsafeprotected.com|7882.bapi.adsafeprotected.com|8328.bapi.adsafeprotected.com|aax-eu-rtb.amazon-adsystem.com|aax-eu.amazon-adsystem.com|aax-fe-sin.amazon-adsystem.com|aax-fe.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax-us-pdx.amazon-adsystem.com|aax-us-west.amazon-adsystem.com|ads.sourceforge.net|adsafeprotected.com|advertising.apple.com|anycast.fw.adsafeprotected.com|anycast.pixel.adsafeprotected.com|autolinkmaker.itunes.apple.com|bs.serving-sys.com|c.amazon-adsystem.com|c.apple.com|collector-cdn.github.com|control.kochava.com|device-metrics-us-2.amazon.com|dt.adsafeprotected.com|fls-eu.amazon-adsystem.com|fls-fe.amazon-adsystem.com|fls-na.amazon-adsystem.com|fw.adsafeprotected.com|iadsdk.apple.com|images-aud.sourceforge.net|ir-de.amazon-adsystem.com|ir-jp.amazon-adsystem.com|ir-na.amazon-adsystem.com|mads.amazon-adsystem.com|metrics.apple.com|metrics.sourceforge.net|pivotal.github.com|pixel.adsafeprotected.com|ps-eu.amazon-adsystem.com|rcm-fe.amazon-adsystem.com|s.amazon-adsystem.com|secure-gl.imrworldwide.com|securemetrics.apple.com|sfw.adsafeprotected.com|spixel.adsafeprotected.com|static.adsafeprotected.com|v.amazon-adsystem.com|wms-eu.amazon-adsystem.com|wms-fe.amazon-adsystem.com|ws-eu.amazon-adsystem.com|ws-na.amazon-adsystem.com|z-na.amazon-adsystem.com|

Orig. Unique # Dups # White # TOP1M Final

45736 45733 8146 61 0 37526

[ Yoyo ] Downloading update [ 03/27/20 09:54:43 ] .. 200 OK.
Whitelist: adsafeprotected.com|amazon-adsystem.com|pixel.adsafeprotected.com|securemetrics.apple.com|

Orig. Unique # Dups # White # TOP1M Final

3274 3274 2226 4 0 1044

[ Abuse_DOMBL ] Downloading update [ 03/27/20 09:54:44 ] .. 200 OK
No Domains Found! Ensure only domain based Feeds are used for DNSBL!

[ Abuse_URLBL ] Downloading update .. 200 OK
No Domains Found! Ensure only domain based Feeds are used for DNSBL!

[ BBC_DC2 ] Downloading update [ 03/27/20 09:54:45 ] .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

471 469 0 0 0 469

[ SWC ] Downloading update .. 200 OK
IDN converted: [ secret.ɢoogle.com ] [ secret.xn--oogle-wmc.com ].
Whitelist: aax-cpm.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax-us-pdx.amazon-adsystem.com|aax.amazon-adsystem.com|amazon-adsystem.com|anycast.dt.adsafeprotected.com|bs.serving-sys.com|c.amazon-adsystem.com|dra.amazon-adsystem.com|dt.adsafeprotected.com|fls-na.amazon-adsystem.com|fw.adsafeprotected.com|images-aud.sourceforge.net|ir-de.amazon-adsystem.com|ir-na.amazon-adsystem.com|localhost.localdomain|mads.amazon-adsystem.com|pixel.adsafeprotected.com|ps-us.amazon-adsystem.com|px.moatads.com|rcm-na.amazon-adsystem.com|static.adsafeprotected.com|wms-eu.amazon-adsystem.com|wms-na.amazon-adsystem.com|ws-ea.amazon-adsystem.com|ws-na.amazon-adsystem.com|z-na.amazon-adsystem.com|

Orig. Unique # Dups # White # TOP1M Final

14423 14402 3935 27 0 10440

[ D_Me_Malv ] Downloading update [ 03/27/20 09:54:47 ] .. 200 OK.
Whitelist: advertising.apple.com|amazon-adsystem.com|iadsdk.apple.com|pixel.adsafeprotected.com|qwapi.apple.com|

Orig. Unique # Dups # White # TOP1M Final

2735 2735 2729 5 0 1

[ D_Me_Malw ] Downloading update .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

1 1 1 0 0 0

[ ISC_SDH ] Downloading update [ 03/27/20 09:54:48 ] .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

2288 2288 0 0 0 2288

[ MDS ] Downloading update .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

26857 26857 30 0 0 26827

[ MDS_Immortal ] Downloading update [ 03/27/20 09:54:50 ] .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

3196 3196 566 0 0 2630

[ MDL ] Downloading update [ 03/27/20 09:54:51 ] .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

1104 1104 28 0 0 1076

[ MVPS ] Downloading update [ 03/27/20 09:54:52 ] .. 200 OK.
Whitelist: 5726.bapi.adsafeprotected.com|6063.bapi.adsafeprotected.com|aax-eu.amazon-adsystem.com|aax-us-east-rtb.amazon-adsystem.com|aax-us-east.amazon-adsystem.com|aax.amazon-adsystem.com|bs.serving-sys.com|c.amazon-adsystem.com|cdn.adsafeprotected.com|dt.adsafeprotected.com|fls-eu.amazon-adsystem.com|fls-na.amazon-adsystem.com|fw.adsafeprotected.com|images-aud.sourceforge.net|ir-de.amazon-adsystem.com|ir-na.amazon-adsystem.com|ir-uk.amazon-adsystem.com|pixel.adsafeprotected.com|pm.adsafeprotected.com|ps-eu.amazon-adsystem.com|ps-us.amazon-adsystem.com|px.moatads.com|rcm-eu.amazon-adsystem.com|rcm-na.amazon-adsystem.com|s.amazon-adsystem.com|secure-gl.imrworldwide.com|spixel.adsafeprotected.com|static.adsafeprotected.com|wms-eu.amazon-adsystem.com|wms-na.amazon-adsystem.com|ws-eu.amazon-adsystem.com|ws-na.amazon-adsystem.com|z-na.amazon-adsystem.com|

Orig. Unique # Dups # White # TOP1M Final

10475 10475 9726 33 0 716

[ Spam404 ] Downloading update [ 03/27/20 09:54:53 ] .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

7066 7064 53 0 0 7011

[ SFS_Toxic_BD ] Downloading update .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

11280 11276 1 0 0 11275

[ AntiSocial_BD ] Downloading update [ 03/27/20 09:54:54 ] .. 200 OK.

Orig. Unique # Dups # White # TOP1M Final

34148 34148 47 0 0 34101

Saving DNSBL database... completed

---

Assembling DNSBL database... completed [ 03/27/20 09:54:56 ]
Reloading Unbound Resolver..... completed
DNSBL update [ 172587 | PASSED ]... completed
Adding DNSBL Unbound server:include option

===[ GeoIP Process ]============================================

===[ IPv4 Process ]=================================================

[ Abuse_Feodo_C2_v4 ] Downloading update .. 200 OK. completed ..

Original Master Final

1103 1103 1103 [ Pass ]

[ Abuse_IPBL_v4 ] Downloading update .. 200 OK. completed ..
Empty file, Adding '127.1.7.7' to avoid download failure.

Original Master Final

0 1 1 [ Pass ]

[ Abuse_SSLBL_v4 ] Downloading update .. 200 OK. completed ..

Original Master Final

116 107 107 [ Pass ]

[ BBC_C2_v4 ] Downloading update [ 03/27/20 09:54:57 ] .. 200 OK. completed ..

Original Master Final

203 181 181 [ Pass ]

[ CINS_army_v4 ] Downloading update .. 200 OK. completed ..

Original Master Final

15000 15000 15000 [ Pass ]

[ ET_Block_v4 ] Downloading update .. 200 OK. completed ..

Original Master Final

2026 943 943 [ Pass ]

[ ET_Comp_v4 ] Downloading update [ 03/27/20 09:54:58 ] .. 200 OK. completed ..

Original Master Final

858 840 840 [ Pass ]

[ ISC_1000_30_v4 ] Downloading update .. 200 OK. completed ..

Original Master Final

8004 880 880 [ Pass ]

[ ISC_Block_v4 ] Downloading update .. 200 OK. completed ..

Original Master Final

21 6 6 [ Pass ]

[ Spamhaus_Drop_v4 ] Downloading update [ 03/27/20 09:54:59 ] .. 200 OK. completed ..

Original Master Final

853 0 0 [ Pass ]

[ Spamhaus_eDrop_v4 ] Downloading update .. 200 OK. completed ..

Original Master Final

101 93 93 [ Pass ]

[ Talos_BL_v4 ] Downloading update .. 200 OK. completed ..

Original Master Final

1160 1141 1141 [ Pass ]

===[ Aliastables / Rules ]================================

Firewall rule changes found, applying Filter Reload

** Restarting firewall filter daemon **

===[ FINAL Processing ]=====================================

[ Original IP count ] [ 29444 ]

[ Final IP Count ] [ 20295 ]

===[ Deny List IP Counts ]===========================

20296 total
15000 /var/db/pfblockerng/deny/CINS_army_v4.txt
1141 /var/db/pfblockerng/deny/Talos_BL_v4.txt
1103 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt
943 /var/db/pfblockerng/deny/ET_Block_v4.txt
880 /var/db/pfblockerng/deny/ISC_1000_30_v4.txt
840 /var/db/pfblockerng/deny/ET_Comp_v4.txt
181 /var/db/pfblockerng/deny/BBC_C2_v4.txt
107 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt
93 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt
6 /var/db/pfblockerng/deny/ISC_Block_v4.txt
1 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt
1 /var/db/pfblockerng/deny/Abuse_IPBL_v4.txt

====================[ Empty Lists w/127.1.7.7 ]==================

Abuse_IPBL_v4.txt
Spamhaus_Drop_v4.txt

===[ DNSBL Domain/IP Counts ] ===================================

172587 total
37526 /var/db/pfblockerng/dnsbl/hpHosts_ATS.txt
34101 /var/db/pfblockerng/dnsbl/AntiSocial_BD.txt
26827 /var/db/pfblockerng/dnsbl/MDS.txt
19337 /var/db/pfblockerng/dnsbl/Cameleon.txt
11906 /var/db/pfblockerng/dnsbl/Adaway.txt
11275 /var/db/pfblockerng/dnsbl/SFS_Toxic_BD.txt
10440 /var/db/pfblockerng/dnsbl/SWC.txt
7011 /var/db/pfblockerng/dnsbl/Spam404.txt
2659 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
2630 /var/db/pfblockerng/dnsbl/MDS_Immortal.txt
2288 /var/db/pfblockerng/dnsbl/ISC_SDH.txt
1677 /var/db/pfblockerng/dnsbl/D_Me_ADs.txt
1586 /var/db/pfblockerng/dnsbl/EasyList.txt
1076 /var/db/pfblockerng/dnsbl/MDL.txt
1044 /var/db/pfblockerng/dnsbl/Yoyo.txt
716 /var/db/pfblockerng/dnsbl/MVPS.txt
469 /var/db/pfblockerng/dnsbl/BBC_DC2.txt
18 /var/db/pfblockerng/dnsbl/D_Me_Tracking.txt
1 /var/db/pfblockerng/dnsbl/D_Me_Malv.txt
0 /var/db/pfblockerng/dnsbl/D_Me_Malw.txt
0 /var/db/pfblockerng/dnsbl/Abuse_URLBL.txt
0 /var/db/pfblockerng/dnsbl/Abuse_DOMBL.txt

====================[ IPv4/6 Last Updated List Summary ]==============

Feb 6 02:59 Spamhaus_eDrop_v4
Mar 20 17:59 Spamhaus_Drop_v4
Mar 25 23:30 ET_Block_v4
Mar 25 23:30 ET_Comp_v4
Mar 27 06:57 ISC_Block_v4
Mar 27 07:42 ISC_1000_30_v4
Mar 27 09:04 Talos_BL_v4
Mar 27 09:17 BBC_C2_v4
Mar 27 09:20 CINS_army_v4
Mar 27 09:50 Abuse_SSLBL_v4
Mar 27 09:50 Abuse_Feodo_C2_v4
Mar 27 09:54 Abuse_IPBL_v4

====================[ DNSBL Last Updated List Summary ]==============

Jul 31 2015 D_Me_Tracking
Mar 18 2018 Cameleon
Oct 21 17:47 MDS_Immortal
Nov 19 04:19 hpHosts_ATS
Jan 22 06:15 MDL
Jan 31 20:37 D_Me_ADs
Feb 26 22:08 SWC
Mar 4 16:42 MDS
Mar 14 18:00 MVPS
Mar 18 10:27 Adaway
Mar 23 04:14 AntiSocial_BD
Mar 24 13:42 Yoyo
Mar 27 03:57 ISC_SDH
Mar 27 09:00 SFS_Toxic_BD
Mar 27 09:17 BBC_DC2
Mar 27 09:21 D_Me_Malw
Mar 27 09:21 D_Me_Malv
Mar 27 09:51 EasyList
Mar 27 09:51 EasyPrivacy
Mar 27 09:54 Abuse_DOMBL
Mar 27 09:54 Abuse_URLBL
Mar 27 09:54 Spam404

Database Sanity check [ PASSED ]

Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq check

Sync check (Pass=No IPs reported)

Alias table IP Counts

20296 total
20296 /var/db/aliastables/pfB_PRI1_v4.txt
0 /var/db/aliastables/pfB_PS_v4.txt

pfSense Table Stats

table-entries hard limit 400000
Table Usage Count 226

UPDATE PROCESS ENDED [ 03/27/20 09:55:01 ]

antoni777

I still get nothing, In the post above i always get the same error , "Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding"

V/r

Tony