pfblockerNG blocking some web on bypass IPs



  • Hello,

    I've added some IPs in the DNS resolver config file to bypass for pfblockerNG.

    server:
        access-control-view: 192.168.10.2/32  bypass
        access-control-view: 192.168.10.203/32 bypass
        access-control-view: 192.168.10.0/24 dnsbl
        
    view:
        name: "bypass"
        view-first: yes
    view:
        name: "dnsbl"
        view-first: yes
    include: /var/unbound/pfb_dnsbl.*conf
    

    Sites are such as account.live.com, mega.nz. List containing the entire subnet DNSBLIPv4. The question is that bypass IPs should not be affected by the pfblockerng list.

    Any idea what could be the issue of this abnormal behaviour?

    Regards



  • Any idea what could be the issue of this abnormal behaviour.

    pfBlockerNG enters

    [image]

    and then someone broke (the format) it ;)

    Start here : https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips/60



    I've done the following changes

    server:
        access-control-view: 192.168.10.2/32  bypass
        access-control-view: 192.168.10.203/32 bypass
        access-control-view: 192.168.10.0/24 dnsbl
       include: /var/unbound/pfb_dnsbl.*conf
        
    view:
        name: "bypass"
        view-first: yes
    view:
        name: "dnsbl"
        view-first: yes
    
    

    Now testing it again. Hope this config will work out.

    Regards



  • @scorpoin said in pfblockerNG blocking some web on bypass IPs:

    I've done the following changes

    server:
        access-control-view: 192.168.10.2/32  bypass
        access-control-view: 192.168.10.203/32 bypass
        access-control-view: 192.168.10.0/24 dnsbl
       include: /var/unbound/pfb_dnsbl.*conf
        
    view:
        name: "bypass"
        view-first: yes
    view:
        name: "dnsbl"
        view-first: yes
    
    

    Now testing it again. Hope this config will work out.

    Regards

    The above configuration did not help; it does not bypass those IPs which I've added not to be blocked. The strange thing is that the configuration below is working fine.

    server:
        access-control-view: 192.168.10.2/32  bypass
        access-control-view: 192.168.10.203/32 bypass
        access-control-view: 192.168.10.0/24 dnsbl
     
        
    view:
        name: "bypass"
        view-first: yes
    view:
        name: "dnsbl"
        view-first: yes
      include: /var/unbound/pfb_dnsbl.*conf
    

    If that is the wrong format, then how the hell is it working?

    Regards



  • @scorpoin :

    Checking the 'manual', a certain pattern can be observed:

    First, in the server part, 'groups' or 'classes' are defined: called 'bypass' and 'dnsbl'. They have a 'network(s)'.
    Then for each group or view (network), options are listed.
    One of them - called 'dnsbl' - includes our pfb_dnsbl file.

    Note: I guess we can have the "views" called 'limited' or 'restricted' or whatever.
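
Added example, not from any poster in the thread: a small checker showing which clause the `include:` line lands in for the two layouts posted above and whether a client then gets the DNSBL entries. It relies on unbound attaching each option to the most recent `server:` or `view:` keyword regardless of indentation, and on `view-first: yes` falling back to global local-data; it assumes the `pfb_dnsbl.*conf` file holds local-zone/local-data entries, and the function and constant names are hypothetical.

```python
import ipaddress

def parse_clauses(conf_text):
    """Map options to clauses the way unbound does: an option belongs to the
    most recent 'server:' or 'view:' keyword; indentation is ignored."""
    clause, acv, includes = None, [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, val = line.partition(":")
        val = val.strip()
        if key in ("server", "view") and not val:
            clause = key                      # a view is named by its 'name:' line
        elif key == "name" and clause == "view":
            clause = "view:" + val.strip('"')
        elif key == "access-control-view":
            net, view = val.split()
            acv.append((ipaddress.ip_network(net), view))
        elif key == "include":
            includes.append((clause, val))
    return acv, includes

def view_for(client, acv):
    """The most specific matching netblock selects the view."""
    ip = ipaddress.ip_address(client)
    hits = [(net.prefixlen, view) for net, view in acv if ip in net]
    return max(hits)[1] if hits else None

def dnsbl_applies(client, conf_text):
    """Assumes pfb_dnsbl.*conf holds local-zone/local-data entries and every
    view has view-first: yes (so views fall back to global local-data)."""
    acv, includes = parse_clauses(conf_text)
    where = {c for c, pat in includes if "pfb_dnsbl" in pat}
    return "server" in where or f"view:{view_for(client, acv)}" in where

# Configs rebuilt from the thread's snippets
HEAD = """server:
    access-control-view: 192.168.10.2/32  bypass
    access-control-view: 192.168.10.203/32 bypass
    access-control-view: 192.168.10.0/24 dnsbl
"""
VIEWS = 'view:\n    name: "bypass"\n    view-first: yes\nview:\n    name: "dnsbl"\n    view-first: yes\n'
INCLUDE = "  include: /var/unbound/pfb_dnsbl.*conf\n"
IN_SERVER = HEAD + INCLUDE + VIEWS       # include placed in the server: clause
IN_DNSBL_VIEW = HEAD + VIEWS + INCLUDE   # include placed after the "dnsbl" view

if __name__ == "__main__":
    for label, conf in (("include in server:", IN_SERVER), ("include after dnsbl view", IN_DNSBL_VIEW)):
        for ip in ("192.168.10.2", "192.168.10.50"):
            print(f"{label:26} {ip:14} DNSBL applies: {dnsbl_applies(ip, conf)}")
```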

