    pfBlockerNG-devel v3.0.0_9

    • A
      Artes last edited by

      @bbcan177 said in pfBlockerNG-devel v3.0.0_9:

      When the DNSBL Interface is set to use Localhost, Lighttpd will be bound to the DNSBL VIP address (and port 80/443) instead of Localhost. There are no NAT Rules created in this scenario.

      👍 This one solves many problems when using pfBlockerNG over VPN.

      1 Reply Last reply Reply Quote 0
      • BBcan177
        BBcan177 Moderator @fireodo last edited by

        @fireodo said in pfBlockerNG-devel v3.0.0_9:

        after update from 3.0.0_8 to 3.0.0_9 unbound brings this warning: "warning: duplicate local-zone use-application-dns.net."
        I have the setting "DoH/DoT Blocking" on for Firefox only. If I deactivate that, the warning disappears.

        When you enable the Firefox option it will add "application-dns.net" to your Unbound configuration. I assume that you also manually added the same line to the DNS Resolver Adv. Settings. So you can't do both at the same time, hence the "Duplicate zone" error.

        fireodo 1 Reply Last reply Reply Quote 1
        • fireodo
          fireodo @BBcan177 last edited by fireodo

          @bbcan177 said in pfBlockerNG-devel v3.0.0_9:

          @fireodo said in pfBlockerNG-devel v3.0.0_9:

          after update from 3.0.0_8 to 3.0.0_9 unbound brings this warning: "warning: duplicate local-zone use-application-dns.net."
          I have the setting "DoH/DoT Blocking" on for Firefox only. If I deactivate that, the warning disappears.

          When you enable the Firefox option it will add "application-dns.net" to your Unbound configuration. I assume that you also manually added the same line to the DNS Resolver Adv. Settings. So you can't do both at the same time, hence the "Duplicate zone" error.

          I found the file "pfb_dnsbl.firefoxdoh.conf" in /var/unbound that was not deleted when I updated, and that's why I got that entry twice. (I had "pfb_dnsbl.doh.conf" AND "pfb_dnsbl.firefoxdoh.conf")

          Thanks,
          fireodo

          BBcan177 1 Reply Last reply Reply Quote 0
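
The condition fireodo describes above (two files in /var/unbound declaring the same zone) can be checked for with a short script. This is an added example, not part of the thread or of pfBlockerNG; the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list Unbound local-zone names declared more than once
# across the *.conf files of one directory (default /var/unbound).
find_duplicate_local_zones() {
    dir=${1:-/var/unbound}
    # No *.conf files means nothing to report.
    ls "$dir"/*.conf >/dev/null 2>&1 || return 0
    awk '
        # Match "local-zone: <name> <type>"; commented lines do not match.
        /^[ \t]*local-zone:/ {
            zone = $2
            gsub(/"/, "", zone)      # names may be quoted
            sub(/\.$/, "", zone)     # a trailing dot names the same zone
            zone = tolower(zone)     # DNS names are case-insensitive
            n = split(FILENAME, p, "/")
            count[zone]++
            files[zone] = files[zone] (files[zone] ? "," : "") p[n]
        }
        END {
            # Output format: <zone> <declarations> <file,file,...>
            for (z in count)
                if (count[z] > 1)
                    printf "%s %d %s\n", z, count[z], files[z]
        }
    ' "$dir"/*.conf | sort
}

# Constructed sample reproducing the situation in the post: the stale
# pfb_dnsbl.firefoxdoh.conf left beside the newer pfb_dnsbl.doh.conf.
# File contents are assumed, not copied from a real install.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'local-zone: "use-application-dns.net" always_nxdomain' \
        > "$d/pfb_dnsbl.firefoxdoh.conf"
    printf '%s\n' 'local-zone: "use-application-dns.net." always_nxdomain' \
        'local-zone: "doh.example.net" always_nxdomain' \
        > "$d/pfb_dnsbl.doh.conf"
    echo "$d"
}

sample=$(make_sample_dir)
find_duplicate_local_zones "$sample"
rm -rf "$sample"
```
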
          • BBcan177
            BBcan177 Moderator @fireodo last edited by

            @fireodo said in pfBlockerNG-devel v3.0.0_9:

            I found the file "pfb_dnsbl.firefoxdoh.conf" in /var/unbound that was not deleted when I updated, and that's why I got that entry twice. (I had "pfb_dnsbl.doh.conf" AND "pfb_dnsbl.firefoxdoh.conf")

            OK, thanks for reporting. I will check it out ASAP.

            S fireodo 2 Replies Last reply Reply Quote 1
            • S
              scorpoin @BBcan177 last edited by scorpoin

              @bbcan177 Thanks for the updates. I have a suggestion: can we have an option for whitelisting a specific website instead of whitelisting the IP for the entire list/websites?

              Regards

              1 Reply Last reply Reply Quote 0
              • G
                giminik last edited by

                Is it safe to use this devel version in production?

                jwj 1 Reply Last reply Reply Quote 0
                • jwj
                  jwj @giminik last edited by

                  @giminik In this case yes. The dev version is the version being updated with new features and bug fixes. Think of the non dev version as legacy.

                  I won't speak for the developer, @BBcan177, but I think the extended development cycle for pfSense 2.5 is at the root of this unusual naming situation and that it will be resolved when 2.5 is released.

                  1 Reply Last reply Reply Quote 1
                  • fireodo
                    fireodo @BBcan177 last edited by

                    @bbcan177

                    There is something else I do not really understand:
                    I have only 1 TLD in the DNSBL Whitelist and in the "DNS over HTTPS/TLS Blocking" I have Firefox and 4 other servers highlighted.
                    When I disable the "DNS over HTTPS/TLS Blocking" I have 3 entries in the "pfbdnsblsuppression.txt" (accordingly 3 in the widget). When I activate "DNS over HTTPS/TLS Blocking" I get 179 entries in the pfbdnsblsuppression.txt regardless of which servers I highlighted in the "DNS over HTTPS/TLS Blocking". When I look in the pfbdnsblsuppression.txt, all servers are in the whitelist regardless of what I have chosen in "DNS over HTTPS/TLS Blocking".

                    Can you please explain that behavior to me as simply as possible?

                    Thanks a lot for your excellent work!
                    fireodo

                    BBcan177 1 Reply Last reply Reply Quote 0
                    • BBcan177
                      BBcan177 Moderator @fireodo last edited by

                      @fireodo said in pfBlockerNG-devel v3.0.0_9:

                      There is something else I do not really understand:
                      I have only 1 TLD in the DNSBL Whitelist

                      First, click on the Blue infoblock Icons for the TLD Blacklist and TLD Whitelist.

                      The TLD Blacklist is used to block a whole TLD like "ru" or "top" etc.
                      The TLD Whitelist is used to allow a domain that is being TLD Blacklisted, i.e. "example.ru". The TLD Whitelist is not required for Unbound Python mode, as those domains can now be whitelisted in the same fashion as all other whitelisting.

                      The TLD Whitelist is not the same thing as the DNSBL Whitelist.

                      The DNSBL Whitelist is where you want to add domains to be whitelisted, and it's best to whitelist by clicking on the "+" icon in the Reports tab as those take effect immediately. Adding a domain manually to the whitelist will require a Force Reload - DNSBL to take effect.

                      Can you please explain that behavior to me as simply as possible?
                      Thanks a lot for your excellent work!

                      Thanks, and hope that helps!

                      fireodo 2 Replies Last reply Reply Quote 1
                      • fireodo
                        fireodo @BBcan177 last edited by

                        @bbcan177
                        It is very much clearer now!

                        Thanks a lot,
                        fireodo

                        1 Reply Last reply Reply Quote 0
                        • fireodo
                          fireodo @BBcan177 last edited by fireodo

                          @bbcan177 said in pfBlockerNG-devel v3.0.0_9:

                          @fireodo said in pfBlockerNG-devel v3.0.0_9:

                          The TLD Whitelist is not the same thing as the DNSBL Whitelist.

                          OK. But where do those 181 whitelist entries shown in the pfblocker widget come from? (see attachment)
                          pfblocker_wl.png
                          I have nothing introduced deliberately in the DNSBL Whitelist.

                          RonpfS 1 Reply Last reply Reply Quote 0
                          • RonpfS
                            RonpfS @fireodo last edited by

                            @fireodo Click on it, it brings you to DNSBL Tab, how many entries do you have in Custom Whitelist?

                            Gertjan fireodo 2 Replies Last reply Reply Quote 0
                            • Gertjan
                              Gertjan @RonpfS last edited by Gertjan

                              @ronpfs said in pfBlockerNG-devel v3.0.0_9:

                              how many entries do you have in Custom Whitelist?

                              Let me answer that question: 90 entries (close to).
                              This number is doubled (www is prepended for every host name if it isn't starting with www) and the final ",localhost.localdomain,," is added.

                              Source: /var/db/pfblockerng/pfbdnsblsuppression.txt

                              fireodo 1 Reply Last reply Reply Quote 0
                              • fireodo
                                fireodo @RonpfS last edited by

                                @ronpfs said in pfBlockerNG-devel v3.0.0_9:

                                @fireodo Click on it, it brings you to DNSBL Tab, how many entries do you have in Custom Whitelist?

                                Only 1 "ONE" ☺

                                1 Reply Last reply Reply Quote 0
                                • fireodo
                                  fireodo @Gertjan last edited by fireodo

                                  @gertjan said in pfBlockerNG-devel v3.0.0_9:

                                  @ronpfs said in pfBlockerNG-devel v3.0.0_9:

                                  how many entries do you have in Custom Whitelist?

                                  Let me answer that question: 90 entries (close to).
                                  This number is doubled (www is prepended for every host name if it isn't starting with www) and the final ",localhost.localdomain,," is added.

                                  No, only 1!

                                  Source: /var/db/pfblockerng/pfbdnsblsuppression.txt

                                  The rest of the entries in the file you mention are all the DoH/DoT Servers from the "DNS over HTTPS/TLS Blocking" list ;-)

                                  RonpfS 1 Reply Last reply Reply Quote 0
                                  • RonpfS
                                    RonpfS @fireodo last edited by

                                    @fireodo said in pfBlockerNG-devel v3.0.0_9:

                                    re all the DoH/DoT Servers from the "DNS over HTTPS/TLS Blocking" -List ;-)

                                    Post your Whitelist and the pfbdnsblsuppression.txt so we can help.

                                    fireodo 1 Reply Last reply Reply Quote 0
                                    • fireodo
                                      fireodo @RonpfS last edited by

                                      @ronpfs said in pfBlockerNG-devel v3.0.0_9:

                                      @fireodo said in pfBlockerNG-devel v3.0.0_9:

                                      re all the DoH/DoT Servers from the "DNS over HTTPS/TLS Blocking" -List ;-)

                                      Post your Whitelist and the pfbdnsblsuppression.txt so we can help.

                                      Whitelist: youtube-nocookie.com

                                      Suppression List:
                                      pfbdnsblsuppression.txt

                                      RonpfS 1 Reply Last reply Reply Quote 0
                                      • RonpfS
                                        RonpfS @fireodo last edited by

                                        @fireodo Are you using Unbound mode or Python Unbound Mode?

                                        fireodo 1 Reply Last reply Reply Quote 0
                                        • fireodo
                                          fireodo @RonpfS last edited by

                                          @ronpfs said in pfBlockerNG-devel v3.0.0_9:

                                          @fireodo Are you using Unbound mode or Python Unbound Mode?

                                          Unbound Mode.

                                          Thanks

                                          RonpfS 1 Reply Last reply Reply Quote 0
                                          • RonpfS
                                            RonpfS @fireodo last edited by

                                            @fireodo I am on Unbound Python mode, so I can't verify the difference in the file between modes.

                                            But this may be normal,

                                            fireodo 1 Reply Last reply Reply Quote 0
                                            • fireodo
                                              fireodo @RonpfS last edited by fireodo

                                              @ronpfs said in pfBlockerNG-devel v3.0.0_9:

                                              @fireodo I am on Unbound Python mode, so I can't verify the difference in the file between modes.

                                              But this may be normal,

                                              Hmmm, if I deactivate the DNS over HTTPS/TLS Blocking the Whitelist is reduced to 3 (in the pfblocker Widget - and also in the pfbdnsblsuppression.txt)

                                              1 Reply Last reply Reply Quote 0