Peculiar pfblockerng / tld blocklist & whitelist behavior
I have been running pfSense for a while and am quite happy with the setup. I am testing TLD blacklist/whitelist and running into a setup issue.
Summary of post = TLD blacklist: io && TLD whitelist: mkdocs.github.io does not work. WAI?
pfsense: 2.4.5-RELEASE, pfblockerng: pfBlockerNG-devel 2.2.5_30
All IP and DNSBL lists disabled
TLD blacklist: io
TLD whitelist: tried both github.io and mkdocs.github.io
Expected result: I thought mkdocs.github.io/mkdocs/ would work for one of the whitelist combinations. It does not.
Workaround = If I add github.io to the blocklist with io it works.
Workaround 2 = I could add pi-hole which supports regex based exclude and include patterns.
- Question 1 - is this working as intended? Note: github.io and mkdocs.github.io resolve to the same addresses.
- Question 2 - is there a way to block an entire domain while permitting a wildcarded subdomain like *.github.io and ..github.io? Is there a different way that doesn't require a force reload for every whitelist change?
Thank you for your help.
Another example for the *.io domain. I can't find any combination of rules that enables access to ix.cnn.io. Even with the workaround attempt adding cnn.io to the blacklist I get a DNSBL_TLD entry in the alerts.
Does this issue sound familiar to others?
In the end I disabled TLD blocking since it led to many issues allowing certain sites with their own subdomains. I am maintaining a blocklist of individual sites. This is more effort, but more reliable for use.
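As an added illustration (not pfBlockerNG's, Unbound's or the poster's code), the following Python model evaluates a query name against a TLD-style block list and a whitelist the way the post expects it to work: every list entry is treated as a zone that covers the name and all of its subdomains, and the most specific matching zone decides. Zone and query names are constructed samples taken from the post; the `decide` and `evaluate` functions are hypothetical helpers. Running lists through a model like this before applying them to a resolver makes it easy to see which combination should admit `mkdocs.github.io` or `ix.cnn.io` while `io` stays blocked.

```python
"""Model of zone-style DNS block/allow evaluation: most specific suffix wins.

Added example; not pfBlockerNG or Unbound code. It models a TLD blocklist
plus a subdomain whitelist where each entry covers a zone (the name and
everything below it) and the longest matching zone decides the verdict.
"""
from typing import Dict, Iterable, Optional, Tuple


def _labels(name: str) -> Tuple[str, ...]:
    # Normalise: lower-case, drop a trailing dot, split into DNS labels.
    return tuple(name.lower().rstrip(".").split("."))


def _zone_matches(zone: str, qname: str) -> bool:
    # Label-aligned suffix match: "cnn.io" covers "ix.cnn.io" and "cnn.io"
    # itself, but not "xcnn.io" (a plain string suffix check would get that wrong).
    z, q = _labels(zone), _labels(qname)
    return len(z) <= len(q) and q[-len(z):] == z


def _best_match(zones: Iterable[str], qname: str) -> Optional[str]:
    # Return the most specific (longest) matching zone, or None.
    hits = [z for z in zones if _zone_matches(z, qname)]
    return max(hits, key=lambda z: len(_labels(z))) if hits else None


def decide(qname: str, block_zones: Iterable[str], allow_zones: Iterable[str]) -> str:
    """Return "block", "allow" or "pass" (no configured zone matched)."""
    b = _best_match(block_zones, qname)
    a = _best_match(allow_zones, qname)
    if b is None and a is None:
        return "pass"
    if b is None:
        return "allow"
    if a is None:
        return "block"
    # Both lists match: the more specific zone wins; on a tie the allow entry wins.
    return "block" if len(_labels(b)) > len(_labels(a)) else "allow"


def evaluate(queries: Iterable[str], block_zones: Iterable[str],
             allow_zones: Iterable[str]) -> Dict[str, str]:
    """Map each query name to its verdict under the given lists."""
    return {q: decide(q, block_zones, allow_zones) for q in queries}


if __name__ == "__main__":
    # Constructed sample lists mirroring the post: block the io TLD, whitelist
    # one subdomain of github.io and the cnn.io zone.
    block = {"io"}
    allow = {"mkdocs.github.io", "cnn.io"}
    sample_queries = [
        "mkdocs.github.io",       # whitelisted name itself
        "docs.mkdocs.github.io",  # below the whitelisted zone
        "github.io",              # parent of the whitelist entry, still in io
        "ix.cnn.io",              # below the cnn.io whitelist zone
        "xcnn.io",                # not label-aligned with cnn.io
        "example.com",            # no zone matches at all
    ]
    for name, verdict in evaluate(sample_queries, block, allow).items():
        print(f"{name:24} {verdict}")
```

Under this model the whitelist entry `mkdocs.github.io` is enough on its own: it is more specific than `io`, so it and everything beneath it resolve while `github.io` itself stays blocked. If a resolver instead only honours whitelist entries as exact names, or regenerates its zone data in a way that loses the more specific entry, the observed behaviour diverges from the model, which is exactly the kind of discrepancy worth checking before relying on TLD blocking.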