pfBlockerNG logs Ad blocking on one Netgate appliance but not another with similar pfBlockerNG config
-
Greetings,
I"m a new Netgate / pfSense user, and new to the forum. I just migrated to from a different network provider and using pihole as my internal DNS.
Configuration: I have two Netgate appliances both running 23.09.1. One is an SG-2100 and the other is an SG-1100. Both are running pfBlockerNG_devel version 3.2.0_7. I have VLANs running on both appliances. Neither seems under load, have plenty of disk space, and are pretty much brand new setups.
Issue: I've run through the initial setup wizard, as far as I can tell, the same on both appliances. However, my SG-1100 shows 180 entries under Reports / Alerts for blocked ads using Steven Black's list (DNSBL_ADs_Basic). But my SG-2100 doesn't show any entries, except for 1 random entry, for the same configuration. The SG-2100 has several clients on the interface that are browsing the web in this configuration. Ads appear to be blocked but are not being logged for reporting.
Troubleshooting steps already performed:
- Ensured the outgoing rules are applied to the interface on which I'm currently testing
- Ensured the DHCP scope is configured to hand out the appliance as the DNS server for the subnet; no other DNS servers are configured, and I validated on the clients that they are using the DNS entries I'm expecting
- I've reviewed the log files, but haven't been able to find anything ... but I admittedly could be overlooking something obvious.
- Uninstalled pfBlockerNG and reinstalled
- restarted my Netgate appliance
- Uninstalled pfBlockerNG, ensured the configs were not retained, and reinstalled
Is this expected behavior?
Should I be seeing blocked ad entries?
Any other ideas / troubleshooting efforts to figure out why I'm getting the expected results on one appliance but not the other when I'm the one who configured both? Any feedback / help is greatly appreciated.
Regards.
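The troubleshooting steps above (confirm the clients really use the firewall as their resolver, confirm a listed name is actually being answered from the DNSBL sinkhole) can be scripted from a client on the affected VLAN. The script below is an added example, not something posted in this thread or shipped with pfBlockerNG. It assumes the firewall's address on the VLAN is 192.168.10.1, that DNSBL is using pfBlockerNG's default VIP 10.10.10.1, and that doubleclick.net is on the list in use; adjust all three for your setup.

```shell
#!/bin/sh
# Added example (not from the thread): from a client on the VLAN, check that
# (1) the client is configured to use the firewall as its resolver, and
# (2) a DNSBL-listed name is answered with the DNSBL VIP, i.e. the block is
#     really happening at the firewall rather than somewhere upstream.
#
# Assumed values (change for your network):
FW_DNS="${FW_DNS:-192.168.10.1}"        # firewall / Unbound on this VLAN
DNSBL_VIP="${DNSBL_VIP:-10.10.10.1}"    # pfBlockerNG default DNSBL VIP
TEST_NAME="${TEST_NAME:-doubleclick.net}"  # assumed to be on the DNSBL list

# dnsbl_verdict ANSWERS VIP
#   ANSWERS is the whitespace/newline-separated A records returned for the
#   test name (as from `dig +short`), VIP is the DNSBL sinkhole address.
#   Prints "blocked" if any answer is the VIP, "unresolved" if there was no
#   answer at all, and "passed" if the name resolved to a real address.
dnsbl_verdict() {
    answers="$1"
    vip="$2"
    if [ -z "$answers" ]; then
        echo "unresolved"
        return 0
    fi
    for a in $answers; do
        if [ "$a" = "$vip" ]; then
            echo "blocked"
            return 0
        fi
    done
    echo "passed"
    return 0
}

# resolver_matches EXPECTED  (reads resolv.conf-style text on stdin)
#   Succeeds only if at least one "nameserver" line names EXPECTED.
resolver_matches() {
    awk -v want="$1" '
        $1 == "nameserver" && $2 == want { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Live check: only runs when invoked as `sh check_dnsbl.sh --live`, so the
# functions above stay usable offline (e.g. for the tests below).
if [ "${1:-}" = "--live" ]; then
    if resolver_matches "$FW_DNS" < /etc/resolv.conf; then
        echo "resolver: client uses $FW_DNS (ok)"
    else
        echo "resolver: client does NOT list $FW_DNS; DHCP scope or client override?"
    fi

    if command -v dig >/dev/null 2>&1; then
        # Ask the firewall directly so a stray client resolver cannot mask it.
        live_answers=$(dig +short "@$FW_DNS" "$TEST_NAME" A)
        echo "$TEST_NAME via $FW_DNS -> $(dnsbl_verdict "$live_answers" "$DNSBL_VIP")"
        # Compare with what the client's own resolver returns.
        client_answers=$(dig +short "$TEST_NAME" A)
        echo "$TEST_NAME via client resolver -> $(dnsbl_verdict "$client_answers" "$DNSBL_VIP")"
    else
        echo "dig not installed; cannot query $TEST_NAME"
    fi
fi
```

If the query sent straight to the firewall reports "blocked" but the client-resolver query reports "passed", the clients are resolving elsewhere and DNSBL will never see (or log) their lookups; if both report "passed", the list or the DNSBL settings for that interface are the place to look rather than the logging.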
-
Correction, on the SG-1100, logging only seems to be working on my default LAN, but none of my tagged VLANs. Looks like there is more of a configuration issue or I need to better understand some of the configuration for pfBlockerNG.
-
@mem237 If you are sure all your VLANs have been selected and you ran a Force Update, I'd check that the config is set to create the auto rules and not configured for the alias only.
-
For the VLAN that I'm testing, I see the pfB_PRI1_v4 and pfB_TOR_v4 firewall rules were automatically created in the firewall rules for that interface and are at the top. I tested in that VLAN by hitting some TOR servers, and those IP attempts were logged as expected. However, from what I can tell, when I test the DNSBL ad blocking, those entries aren't showing up under Reports / Alerts.
I suspect if I turned on the DNSBL configuration on my default VLAN, moved a client over there and browsed some websites, I would see some entries in Reports / Alerts for ads being blocked.
What I'm unsure of is whether this is expected behavior. Maybe there is a concern with the amount of logging for ad blocks, so that logging for that category is disabled.
-
@mem237 If logging is on, you should see what DNSBL list triggers the block. There is quite a bit online on this already so you could double check against what others have done or post up some screenshots of the DNSBL settings here.
-
@mem237 Are the rules per VLAN or floating?
-
I think I figured it out. In my click -> click -> next in setting up the config so that I could run tests, I inadvertently overlooked a setting that needed to be changed. Running more tests, but the limited testing shows logging happening.
Thank you so much for that assistance.