Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    pfblockerNG blocking some web on bypass IPs

    pfBlockerNG
    2
    5
    87
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      scorpoin last edited by

      Hello,

      I've added some IPs in DNS resolver config file to bypass for pfblockerNG .

      server:
    access-control-view: 192.168.10.2/32  bypass
    access-control-view: 192.168.10.203/32 bypass
    access-control-view: 192.168.10.0/24 dnsbl
    
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes
include: /var/unbound/pfb_dnsbl.*conf

      site are such are account.live.com , mega.nz . List containing the entire subnet DNSBLIPv4 . Question is bypass ips should not be effected via pfblockerng list.

      Any idea what could be the issue of this abnormal behaviour.

      Regards

      1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan last edited by Gertjan

        Any idea what could be the issue of this abnormal behaviour.

        pfBlcokerNG enters

        8d8fb3df-7682-45cf-be0c-02ffd460ce7d-image.png

        and then some one broke(the format) it ;)

        Start here : https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips/60

        No "help me" PM's please. Use the forum.

        1 Reply Last reply Reply Quote 0
        • S
          scorpoin last edited by

          I've done following changes

          server:
    access-control-view: 192.168.10.2/32  bypass
    access-control-view: 192.168.10.203/32 bypass
    access-control-view: 192.168.10.0/24 dnsbl
   include: /var/unbound/pfb_dnsbl.*conf
    
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes

          Now testing it again . Hope this config will work out.

          Regards

          S 1 Reply Last reply Reply Quote 0
          • S
            scorpoin @scorpoin last edited by

            @scorpoin said in pfblockerNG blocking some web on bypass IPs:

            I've done following changes

            server:
    access-control-view: 192.168.10.2/32  bypass
    access-control-view: 192.168.10.203/32 bypass
    access-control-view: 192.168.10.0/24 dnsbl
   include: /var/unbound/pfb_dnsbl.*conf
    
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes

            Now testing it again . Hope this config will work out.

            Regards

            above configuration did not help , it does not bypass those IPs which I've added not to be blocked. Strange thing is below configuration is working fine.

            server:
    access-control-view: 192.168.10.2/32  bypass
    access-control-view: 192.168.10.203/32 bypass
    access-control-view: 192.168.10.0/24 dnsbl
 
    
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes
  include: /var/unbound/pfb_dnsbl.*conf

            If that is wrong format then how the hell it is working ?

            Regards

            1 Reply Last reply Reply Quote 0
            • Gertjan
              Gertjan last edited by Gertjan

              @scorpoin :

              With checking the 'manual', a certain pattern can be observed :

              First, in the server part, 'groups' or 'classes' are defined : called 'bypass' and 'dnsbl'. They have a 'network(s).
              Then for each group or view (network), option are listed.
              One of them - called 'dnsbl' includes our pfb_dnsbl file.

              Note : I guess we can have the "views" called 'limited' or 'restricted' or whatever.

              No "help me" PM's please. Use the forum.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy