DNSBL not creating firewall rules
-
@bob-dig
So only some of the websites are being logged. But ones that aren't blocked are not logged. -
@fredmcfly said in DNSBL not creating firewall rules:
But ones that aren't blocked are not logged.
Which is again normal.
-
@bob-dig I agree that it is normal to have a log for a website that is blocked.
So any ideas why a website that is listed in the block list, fails to be blocked?
I have added rules to block DNS requests to the outside following this recipe.
Basically it blocks all outside DNS requests but allows requests to the local DNS Resolver.
-
@fredmcfly For example, you probably can't block DoH like this, so you have to check your browser settings.
Also post some screenshots what you have done and what is not working as expected. -
@bob-dig
OK, I checked the browser and it is not using DoH, see figure below or click on this link:Here are my DNSBL settings:
login-to-viewDNSL Feeds
login-to-viewMy blacklist feed settings:
login-to-view
login-to-viewWhen I do a force update, the feeds are downloaded and updated. Including my blacklist.
===[ DNSBL Domain/IP Counts ] =================================== 1221752 total 704572 /var/db/pfblockerng/dnsbl/Shallalist_porn.txt 150125 /var/db/pfblockerng/dnsbl/Maltrail_BD.txt 122595 /var/db/pfblockerng/dnsbl/C19_CTC.txt 97559 /var/db/pfblockerng/dnsbl/Shallalist_porn_v4.ip 29312 /var/db/pfblockerng/dnsbl/SFS_Toxic_BD.txt 28363 /var/db/pfblockerng/dnsbl/Shallalist_redirector.txt 14523 /var/db/pfblockerng/dnsbl/Shallalist_gamble.txt 14273 /var/db/pfblockerng/dnsbl/SWC.txt 10633 /var/db/pfblockerng/dnsbl/EasyList.txt 8449 /var/db/pfblockerng/dnsbl/Adaway.txt 6999 /var/db/pfblockerng/dnsbl/Spam404.txt 6827 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt 6612 /var/db/pfblockerng/dnsbl/Shallalist_anonvpn_v4.ip 6435 /var/db/pfblockerng/dnsbl/MVPS.txt 3034 /var/db/pfblockerng/dnsbl/Shallalist_dating.txt 2507 /var/db/pfblockerng/dnsbl/D_Me_ADs.txt 1985 /var/db/pfblockerng/dnsbl/Krisk_C19.txt 1951 /var/db/pfblockerng/dnsbl/Shallalist_models.txt 1464 /var/db/pfblockerng/dnsbl/Yoyo.txt 1180 /var/db/pfblockerng/dnsbl/Shallalist_redirector_v4.ip 1146 /var/db/pfblockerng/dnsbl/Shallalist_sex_lingerie.txt 482 /var/db/pfblockerng/dnsbl/myblacklist.txt 390 /var/db/pfblockerng/dnsbl/Shallalist_anonvpn.txt 158 /var/db/pfblockerng/dnsbl/Shallalist_sex_education.txt 98 /var/db/pfblockerng/dnsbl/Juniper_v4.ip 42 /var/db/pfblockerng/dnsbl/Shallalist_gamble_v4.ip 23 /var/db/pfblockerng/dnsbl/D_Me_Tracking.txt 6 /var/db/pfblockerng/dnsbl/Juniper.txt 5 /var/db/pfblockerng/dnsbl/myblacklist_v4.ip 2 /var/db/pfblockerng/dnsbl/EasyList_v4.ip 1 /var/db/pfblockerng/dnsbl/Shallalist_models_v4.ipIf I look at
myblacklist_v4.txtI find the following lines as expected:local-data: "redd.it 60 IN A 10.10.10.1" local-data: "reddit-com.poiu.icu 60 IN A 10.10.10.1" local-data: "reddit.com 60 IN A 10.10.10.1" local-data: "reddup.co 60 IN A 10.10.10.1"But if I enter
reddit.comin my browser, I can still access it and click on links. So the website is not cached in the browser and it is not blocked.pfSense says my DNS servers are as follows:
login-to-viewAny other information that may be helpful?
-
Here are my Firewall rules to block DNS request to ports 53 and 853, and to force DNS request to local:
login-to-view -
DNS Resolver Settings:
login-to-view
login-to-view
login-to-view -
So I did some experimenting and some websites in my list are indeed blocked, but other websites are not blocked even though they are listed in the file
/var/db/pfblockerng/dnsbl/myblacklist.txtI'm not sure why this is happening.
-
I added reddit.com to the DNSBL Custom_List of malicious and it worked, after pfBlocker run the usual update.
Also I don't needed any firewallrules for that, because it is all dns based.Edit: I tried your list, problem seems to be that reddit.com is blocked, but not www.reddit.com.
-
@bob-dig
I temporarily disabled my feed and added reddit.com and www.reddit.com to the DNSBL Custom_List and the website (and others) is still not blocked. (Yes, I did a force update all)I have tried on different computers on the network and they can still access it.
I have also tried on three different browsers.
I am really confused why some sites are blocked while others are not.