pfBlockerNG 3.2.0_5 - how to block single or multiple domain without feeds ?

Cabrinisamuele · Jun 19, 2023, 4:57 AM

Hello everyone ! I'm trying to use pfblocker ! using the "feeds" everything works fine ! but if I just want to block one or two domains ( for example"lastampa.it or youtube.com") of my choice (without the "feeds") is it possible? ... searching the netgate forum posts doesn't seem simple an option! thank you all

Cool_Corona · Jun 19, 2023, 5:54 AM

Wouldnt it be great if you could use DNS to redirect an entire domain like youtube to pornhub via unbound??

Or simply block ASN numbers like typing it in and the rest will sort itself out?

Gertjan · Jun 19, 2023, 7:04 AM

@Cabrinisamuele said in pfBlockerNG 3.2.0_5 - how to block single or multiple domain without feeds ?:

(without the "feeds")

Noop.
You have to enter DNSBL somewhere.

The most easy way is : do what pfBlockerNG proposes you to do :

Use the console access to create a file named /var/db/pfblockerng/test.list, and enter :

0.0.0.0 lastampa.it
0.0.0.0 youtube.com

and then set up this list as shown in the image.
Why "/var/db/pfblockerng/test.list" ? Read the blue information text.

When doing a force reload I saw :

[ LocalListFile ]		 Downloading update [ 06/19/23 08:46:20 ] ..
  Whitelist: youtube.com|
  ----------------------------------------------------------------------
  Orig.    Unique     # Dups     # White    # TOP1M    Final                
  ----------------------------------------------------------------------
  2        2          0          1          0          1                    
  ----------------------------------------------------------------------

which means the file was used - and one entry (youtube) was whitelisted so not used.
Yes, I've whitelisted youtube.com ... I can't risk of having youtube being blocked, as that would make me sleep in the dog house.

A small test afterwards :

C:\Users\Gauche>nslookup lastampa.it
Serveur :   pfSense.my-network.tld
Address:  2a01:dead:beef:a6dc::1

Réponse ne faisant pas autorité :
Nom :    lastampa.it
Address:  0.0.0.0

So :

Blocking 'youtube' isn't an easy thing to do. Many have tried, and doing so, learned why and how it all works, to abandon as it is to much ongoing work.

The sledge hammer solution, blocking by ASN will probably also block google.com, gmail, whatsapp etc.

Cabrinisamuele · Jun 19, 2023, 4:28 PM

@Cool_Corona
Yes it could be :-)

Cabrinisamuele · Jun 19, 2023, 4:31 PM

@Gertjan
Thanks for your help :-)