Netgate Discussion Forum

    how to bypass pfblockerng-devel certain ip.

    • Gertjan @jenskiebee

      @jenskiebee

      You use :

      [image]

      so you could use "Bypassing DNSBL for specific IPs"

      Or, also possible, I did not understand :

      @jenskiebee said in how to bypass pfblockerng-devel certain ip.:

      My problem is not working

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • jenskiebee @Gertjan

        @gertjan said in how to bypass pfblockerng-devel certain ip.:

        @jenskiebee

        You use :

        [image]

        so you could use "Bypassing DNSBL for specific IPs"

        Or, also possible, I did not understand :

        @jenskiebee said in how to bypass pfblockerng-devel certain ip.:

        My problem is not working

        Oh sorry, I can't edit my post..

        Yes bro, I use that pfBlockerNG version.
        My problem is I can't bypass the DNSBL website.
        Example: the IP of my PC unit is 192.168.1.30, and I want to exclude it from blocking.

        • jenskiebee @Gertjan

          @gertjan

          I already use the setting of Bypassing DNSBL for specific IPs.
          But it's not working, my PC/IP is still blocked.

          • Gertjan @jenskiebee

            @jenskiebee said in how to bypass pfblockerng-devel certain ip.:

            But it's not working, my PC/IP is still blocked.

            I'm using pfSense 2.5.1 with the latest pfB 3.0.0_16

            I looked up a blocked domain in one of the feeds I'm using : cash_lord.com.

            An nslookup test for cash_lord.com showed me the domain was blocked :

            0.0.0.0
            

            edit : Yes, 0.0.0.0, as I'm not trying to return 10.10.10.1, which is the default 'built-in' "DNSBL Webserver", as it can't do anything if I'm redirected to https. Knowing that every site is https these days, etc etc etc. I just chose 0.0.0.0, which does the job just fine with far less overhead.

            [image]

            Time for a test.

            My PC uses LAN IP 192.168.1.2 and 2001:470:dead:beef:2::88
            So I entered this :

            [image]

            I flushed my local DNS cache with

            ipconfig /flushdns
            

            and did the test again. This time it did return an IP :

            Address:  154.220.169.30
            

            So, it really looks like it's working for me.

            My PC, as it's on the list, isn't filtered by pfB any more.

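The before/after nslookup check described in the post above, as an added example that is not part of any poster's message: it reads nslookup output and reports whether the answer is a DNSBL sinkhole address or a real one, skipping the resolver's own "Address:" line that precedes the answer. The function names, the domain `blocked.example` and both sample outputs are constructed for illustration.

```python
import ipaddress

# Sinkhole answers named in the thread: 0.0.0.0 (the poster's choice) and
# 10.10.10.1 (the default DNSBL web server address). "::" is an assumption
# added here for AAAA answers; the thread does not mention it.
SINKHOLES = {ipaddress.ip_address(a) for a in ("0.0.0.0", "10.10.10.1", "::")}

def answer_addresses(nslookup_text):
    """Return answer IPs only; addresses printed before 'Name:' belong to the resolver."""
    answers, seen_name = [], False
    for raw in nslookup_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("name:"):
            seen_name = True
            continue
        if not seen_name:
            continue
        for prefix in ("Addresses:", "Address:"):
            if line.startswith(prefix):
                line = line[len(prefix):].strip()
                break
        try:
            # Also accepts the indented continuation lines of a multi-address answer.
            answers.append(ipaddress.ip_address(line))
        except ValueError:
            pass  # blank lines, "Aliases:", banners
    return answers

def verdict(nslookup_text):
    answers = answer_addresses(nslookup_text)
    if not answers:
        return "no-answer"
    if all(a in SINKHOLES for a in answers):
        return "sinkholed"
    return "resolved"

# Constructed sample outputs (Windows nslookup layout), not captured from the thread.
BEFORE_BYPASS = """Server:  pfSense.home.arpa
Address:  192.168.1.1

Name:    blocked.example
Address:  0.0.0.0
"""
AFTER_BYPASS = """Server:  pfSense.home.arpa
Address:  192.168.1.1

Non-authoritative answer:
Name:    blocked.example
Address:  192.0.2.30
"""

if __name__ == "__main__":
    print(verdict(BEFORE_BYPASS), verdict(AFTER_BYPASS))
```

Running the same check from a host that is not on the bypass list, after flushing its DNS cache, confirms that filtering still applies to it.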
            • jenskiebee @Gertjan

              @gertjan I tried this setting, "unbound python mode" DNSBL, and it's working, but the other problem is that when I flushed DNS, the other PC that I want to remain filtered by pfB can still access again.
              Because some of the users/employees know simple network troubleshooting like release, renew and flushdns also...

              [image]

              • KOM @jenskiebee

                @Gertjan

                dead:beef

                Heh

                • Gertjan @jenskiebee

                  @jenskiebee said in how to bypass pfblockerng-devel certain ip.:

                  problem is that when I flushed DNS, the other PC that I want to remain filtered by pfB can still access again.

                  What do you mean ?

                  Do you know what

                  ipconfig /flushdns
                  

                  does ?

                  And why I used this command on my PC in the example above ?

                  @jenskiebee said in how to bypass pfblockerng-devel certain ip.:

                  "unbound python mode"

                  This mode needs to be used to use the "Python Group Policy" function.

                  • Gertjan @KOM

                    @kom said in how to bypass pfblockerng-devel certain ip.:

                    @Gertjan

                    dead:beef

                    Heh

                    A way to obscure an IPv6 - my 2001:470:dead:beef:2::88 is local and global ;)

                    • jenskiebee @Gertjan

                      @gertjan yeahhh, I used it like you said.
                      [image]
                      [image]

                      • Gertjan @jenskiebee

                        @jenskiebee

                        Keep in mind : it's a DNSBL bypass.
                        IP based feeds will still block, as these are just huge aliases used in firewall rules.

                        See also here and here.

                        It's still in the ⚡ phase of developing.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.