pfblockerNG blocking some web on bypass IPs

scorpoin · Jun 29, 2020, 10:47 AM

Hello,

I've added some IPs in DNS resolver config file to bypass for pfblockerNG .

server:
    access-control-view: 192.168.10.2/32  bypass
    access-control-view: 192.168.10.203/32 bypass
    access-control-view: 192.168.10.0/24 dnsbl
    
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes
include: /var/unbound/pfb_dnsbl.*conf

site are such are account.live.com , mega.nz . List containing the entire subnet DNSBLIPv4 . Question is bypass ips should not be effected via pfblockerng list.

Any idea what could be the issue of this abnormal behaviour.

Regards

Gertjan · Jun 29, 2020, 12:03 PM

Any idea what could be the issue of this abnormal behaviour.

pfBlcokerNG enters

and then some one broke(the format) it ;)

Start here : https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips/60

scorpoin · Jul 2, 2020, 5:16 AM

I've done following changes

server:
    access-control-view: 192.168.10.2/32  bypass
    access-control-view: 192.168.10.203/32 bypass
    access-control-view: 192.168.10.0/24 dnsbl
   include: /var/unbound/pfb_dnsbl.*conf
    
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes

Now testing it again . Hope this config will work out.

Regards

scorpoin · Jul 2, 2020, 5:16 AM

@scorpoin said in pfblockerNG blocking some web on bypass IPs:

I've done following changes

server:
    access-control-view: 192.168.10.2/32  bypass
    access-control-view: 192.168.10.203/32 bypass
    access-control-view: 192.168.10.0/24 dnsbl
   include: /var/unbound/pfb_dnsbl.*conf
    
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes

Now testing it again . Hope this config will work out.

Regards

above configuration did not help , it does not bypass those IPs which I've added not to be blocked. Strange thing is below configuration is working fine.

server:
    access-control-view: 192.168.10.2/32  bypass
    access-control-view: 192.168.10.203/32 bypass
    access-control-view: 192.168.10.0/24 dnsbl
 
    
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes
  include: /var/unbound/pfb_dnsbl.*conf

If that is wrong format then how the hell it is working ?

Regards

Gertjan · Jul 2, 2020, 5:37 AM

@scorpoin :

With checking the 'manual', a certain pattern can be observed :

First, in the server part, 'groups' or 'classes' are defined : called 'bypass' and 'dnsbl'. They have a 'network(s).
Then for each group or view (network), option are listed.
One of them - called 'dnsbl' includes our pfb_dnsbl file.

Note : I guess we can have the "views" called 'limited' or 'restricted' or whatever.