pfBlockerNG - tuning needed or do I have an error in config?
-
I have installed pfblockerng-devel and enabled many IP and DNSBL lists. I am testing the config with this page https://d3ward.github.io/toolz/adblock.html from a client. With Pi-hole in default config I can reach over 70% blocking; with pfBlockerNG and many lists active, I get only 40% and this does not change (most of the difference is in Analytics and Social Trackers). If my search was correct, Pi-hole only uses StevenBlack (StevenBlack_ADs in pfBlocker).
How can I check why the blocking is not working?
Same for IP/DNSBL. I had installed pfblockerng first and then uninstalled it and installed pfblockerng-devel.
What I discovered is that there are no rules added after the pfblockerng-devel config.
The update log (for me) does not look as if it loads all the lists I have added (force option: Reload All):
UPDATE PROCESS START [ v3.1.0_6 ] [ 11/16/22 21:34:04 ]

===[ DNSBL Process ]================================================

Loading DNSBL Statistics... completed
Loading DNSBL SafeSearch... disabled
Loading DNSBL Whitelist... completed
Clearing all DNSBL Feeds
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Starting Unbound Resolver... completed [ 11/16/22 21:34:05 ]

DNSBL update [ 0 | PASSED ]... completed
------------------------------------------------------------------------

===[ GeoIP Process ]============================================

===[ IPv4 Process ]=================================================

[ WindowsSpyBlockerIP_v4 ] Reload . completed ..
------------------------------
Original Master Final
------------------------------
167 167 167 [ Pass ]
-----------------------------------------------------------------

[ fireholLevel3_v4 ] Reload . completed ..
------------------------------
Original Master Final
------------------------------
17334 17334 17334 [ Pass ]
-----------------------------------------------------------------

[ DNSBLIP_v4 ] Reload . completed ..
[ pfB_DNSBLIP_v4 DNSBLIP_v4 ] No IPs found! Ensure only IP based Feeds are used! ]

===[ Aliastables / Rules ]==========================================

No changes to Firewall rules, skipping Filter Reload
Updating: pfB_WindowsSpyBlockerIP_v4 no changes.
Updating: pfB_fireholLevel3_v4 no changes.

===[ Kill States ]==================================================

No matching states found
======================================================================

===[ FINAL Processing ]=====================================

[ Original IP count ] [ 17502 ]
[ Final IP Count ] [ 17501 ]

===[ Deny List IP Counts ]===========================
17501 total
17334 /var/db/pfblockerng/deny/fireholLevel3_v4.txt
167 /var/db/pfblockerng/deny/WindowsSpyBlockerIP_v4.txt

====================[ IPv4/6 Last Updated List Summary ]==============
Nov 16 21:03 WindowsSpyBlockerIP_v4
Nov 16 21:03 fireholLevel3_v4
Nov 16 21:03 DNSBLIP_v4

====================[ DNSBL Last Updated List Summary ]==============
Nov 15 23:33 EasyPrivacy
Nov 16 15:36 StevenBlack
===============================================================

Database Sanity check [ PASSED ]
------------------------
Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq check
Sync check (Pass=No IPs reported)

---------- Alias table IP Counts -----------------------------
17501 total
17334 /var/db/aliastables/pfB_fireholLevel3_v4.txt
167 /var/db/aliastables/pfB_WindowsSpyBlockerIP_v4.txt

pfSense Table Stats
-------------------
table-entries hard limit 400000
Table Usage Count 17516

UPDATE PROCESS ENDED [ 11/16/22 21:34:06 ]
The lists (every list is checked):
thx, Christian
-
News: After starting the wizard and doing the config (same feeds), the state on the test page is not better, but the update looks better and the rules are removed; a new rule was added on WAN.
-
I think I have found the error:
Via DHCP I delivered these DNS servers:
192.168.2.1 (LAN on pfSense)
1.1.1.1 (Cloudflare DNS)
8.8.8.8 (Google DNS)
The reason for DNS 2 and 3 was as a backup if 1 is not working. So my client used the others since pfBlocker blocked the content from the test page. After setting DHCP to only 192.168.2.1 I am reaching 77% (more than Pi-hole). It was a config error.
-
@chris1284 The DNSBL feature doesn't add block rules; it answers DNS queries with incorrect info to block the connection. Using other DNS can bypass it, particularly on Windows, which uses the "last known good" DNS and does not use an order. Also, DNS caching on the PC can come into play.
There is also DNS over HTTPS or DNS over TLS which bypasses local DNS servers altogether. :)
-
@steveits said in pfBlockerNG - tuning needed or do I have an error in config?:
There is also DNS over HTTPS or DNS over TLS which bypasses local DNS servers altogether. :)
I think this could be blocked through the IP feeds for DoH ("ipv4 DoH_IP the Great Wall", for example) and by blocking port 853 for DNS over TLS (DoT) as long as I don't use it.
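As an added example (not from this thread or from pfBlockerNG) of the check the thread arrives at: from a LAN client, query each DNS server the DHCP scope hands out for a name on a DNSBL feed and report which servers return the DNSBL VIP and which return a real address, so a bypass path like the 1.1.1.1/8.8.8.8 entries above shows up immediately. It assumes pfBlockerNG's default DNSBL VIP 10.10.10.1 and a hypothetical listed name ads.example.invalid.

```python
# Added example, not from the thread or pfBlockerNG: ask each DNS server the DHCP scope hands out for a
# DNSBL-listed name and report which servers sinkhole it. Assumes the default DNSBL VIP 10.10.10.1.
import socket
import struct

SINKHOLE_IPS = {"10.10.10.1"}  # default pfBlockerNG DNSBL VIP; set to the value in your DNSBL settings

def build_query(name: str, txid: int = 0x1234) -> bytes:
    # Standard query, RD set, one question of type A / class IN
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(buf: bytes, pos: int) -> int:
    # Step over a name; a compression pointer (top two bits set) is two bytes and ends the name
    while buf[pos] != 0:
        if buf[pos] & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + buf[pos]
    return pos + 1

def parse_a_records(resp: bytes) -> list[str]:
    # Collect IPv4 addresses from the answer section, skipping the echoed question(s)
    qd, an = struct.unpack(">HH", resp[4:8])
    pos, addrs = 12, []
    for _ in range(qd):
        pos = _skip_name(resp, pos) + 4
    for _ in range(an):
        pos = _skip_name(resp, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return addrs

def classify(addrs: list[str]) -> str:
    # Blocked only if every answer is the sinkhole VIP; a real address means this server bypasses DNSBL
    if not addrs:
        return "no-answer"
    return "sinkholed" if set(addrs) <= SINKHOLE_IPS else "bypassed"

def check_resolver(server: str, name: str = "ads.example.invalid", timeout: float = 2.0) -> str:
    # Plain UDP/53 query to one server; the name is a hypothetical DNSBL-listed host
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return classify(parse_a_records(s.recv(512)))
        except socket.timeout:
            return "timeout"
```

Run check_resolver against every server in the DHCP scope (192.168.2.1, 1.1.1.1 and 8.8.8.8 in this thread); only the pfSense LAN address should report "sinkholed", and any server reporting "bypassed" is a path around DNSBL.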