DNSBL category not working
-
@BBcan177 said in DNSBL category not working:
@loop4633 if you enabled that after, you will need to run a Force Reload DNSBL for it to take effect
I've anyone that not work... I've tried to block porn content but anything have changed...
I can't force reload, I only select reload all without effect -
pfBlockerNG has an update... now it seems to download list of porn... hope before it works...
Will update you -
@loop4633 said in DNSBL category not working:
now it seems to download list of porn... hope before it works...
You mean this one :
You saw the word [ Large ] ?
This list is known to 'break' systems. Because it's huge. Only activate this list if :
You have time to check the auto reloads a couple of times.
You raised the internal PHP work memory to the max possible :
I typically use this list to put a system (the PHP subsystem, its limited RAM buffer) to the max for a while.
Btw : Porn visitors with more than one neuron, for 'reasons', always use a VPN -
@Gertjan said in DNSBL category not working:
@loop4633 said in DNSBL category not working:
now it seems to download list of porn... hope before it works...
You mean this one :
You saw the word [ Large ] ?
This list is known to 'break' systems. Because it's huge. Only activate this list if :
You have time to check the auto reloads a couple of times.
You raised the internal PHP work memory to the max possible :
I typically use this list to put a system (the PHP subsystem, its limited RAM buffer) to the max for a while.
Btw : Porn visitors with more than one neuron, for 'reasons', always use a VPN
Thank you for your advice but it is too late... pfSense KO... is there any way to restore? Or must I reinstall?
-
Console (or SSH ?) access still works ?
Console : This is normally a serial connection, and can also be a HDMI+keyboard interface.
Btw : Re installing is a sure value.
pfSense was built with one goal in mind : with one click you can export a small (a couple of MBytes max) config file and with this file you can recreate the same system (on same hardware) in a matter of minutes : make the GUI work, which needs minimal steps, and then click : upload the config file back in, reboot and done. -
@Gertjan said in DNSBL category not working:
Console (or SSH ?) access still works ?
Console : This is normally a serial connection, and can also be a HDMI+keyboard interface.
Btw : Re installing is a sure value.
pfSense was built with one goal in mind : with one click you can export a small (a couple of MBytes max) config file and with this file you can recreate the same system (on same hardware) in a matter of minutes : make the GUI work, which needs minimal steps, and then click : upload the config file back in, reboot and done.
I've shut down by button and started before 5 minutes, I've deactivated the porn category and am now updating it... hope to resolve...
-
Do you suggest any light category to select to test if dnsbl category work in my pfsense?
Thank you -
I'm realizing that category not work properly... have tried lingerie category but few site is really lock many other no... the block consist in corrupted loading of web page...
I try also to reject with TLD, really block site that have selected but not return me the pfSense error page but only "ERR_CONNECTION_REFUSED" why?
Thank you guys -
@loop4633 said in DNSBL category not working:
really block site that have selected but not return my the pfsense error page but only "ERR_CONNECTION_REFUSED" why?
Because of the listed DNS host names.
Ultra quick example :
My DNSBL page :
I'll take "ADs_Basic" as an example, let's open it up :
Now I have a file name : https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
Have a look at that file : https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
Take a line from the start :
0.0.0.0 ck.getcookiestxt.com
Copy "ck.getcookiestxt.com".
Paste it here :
C:\Users\Gauche>nslookup ck.getcookiestxt.com
Serveur :   pfSense.bhf.net
Address:  2a01:cb19:beef:dead:92ec:77ff:fe29:392c

Réponse ne faisant pas autorité :
Nom :    ck.getcookiestxt.com
Addresses:  ::
          0.0.0.0
The answer was ... 0.0.0.0
Your browser would do the same thing : It will first do an identical DNS request for "ck.getcookiestxt.com" and receive 0.0.0.0 as an answer. It won't even try to connect to 0.0.0.0, and just show the situation :
so all is fine.
edit : I use the "Null block (logging)" method. The "Null block" comes from ..... 0.0.0.0.
Don't use the "DNSBL Webserver/VIP" as that method was useful when all web sites were doing http.
As you might have noticed, "http" sites don't exist anymore. They all became https, and https (TLS) sites can not be redirected to 'another' server like the pfBlockerng web server (to show a nice error message).
Ultra mega short "what is https" explanation :
The browser gets the IP of the host name first, as above.
When you use "DNSBL Webserver/VIP" method, it is not 0.0.0.0 (the Null answer) that gets returned, but :
as 10.10.10.1 it will be.
Good news ! This one answers the request !! It's the "DNSBL Webserver/VIP" after all.
As the browser is using https it will receive a certificate from this web server.
This certificate says it is :
The browser goes full
mode as it wants the certificate that says "I am ck.getcookiestxt.com", not "I am pfSense-pfBNG-DNSBL-68dcca20bc53e". You'll see another browser fail message.
And no, you can't make your own "ck.getcookiestxt.com" certificate on the fly, as for that to happen you need to prove that you own the domain name "ck.getcookiestxt.com".
Try for yourself : get a valid, CA signed for a domain like "microsoft.com". If you manage to pull this one off, you :
Will be, for a short moment, the richest man in the world.
The most famous man in the world.
You also just broke world's economy in a way that couldn't be done better by people like Putin, Trump, Xi-ping and Macron combined.
Shortly after, water stops flowing from the tap, the power goes down. You hear gunshots all over the place and the stage is set for a massive extinction event. -
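A way to check whether a DNSBL feed is actually being enforced, as an added example that is not part of the thread or of pfBlockerNG's own code: it parses a hosts-format feed like the StevenBlack file above, resolves each name, and labels the answer as null block (0.0.0.0 / ::), DNSBL VIP (10.10.10.1, as quoted in the post) or not blocked. The function names, the sample feed lines other than ck.getcookiestxt.com, and the sample answers are constructed for illustration.

```python
import ipaddress
import socket

NULL_ANSWERS = {"0.0.0.0", "::"}   # "Null block" answers, as in the nslookup output
DNSBL_VIP = "10.10.10.1"           # "DNSBL Webserver/VIP" address quoted in the post
SKIP = {"localhost", "localhost.localdomain", "local", "broadcasthost", "0.0.0.0"}

# Constructed sample in hosts-file format; only ck.getcookiestxt.com is from the thread.
SAMPLE_FEED = """# constructed sample feed
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ck.getcookiestxt.com
0.0.0.0 ads.example.test   # constructed entry
0.0.0.0 tracker.example.test
"""
# Constructed resolver answers standing in for what the firewall's resolver returns.
SAMPLE_ANSWERS = {
    "ck.getcookiestxt.com": {"::", "0.0.0.0"},
    "ads.example.test": {"10.10.10.1"},
    "tracker.example.test": {"203.0.113.7"},
}

def parse_hosts_feed(text):
    """Return the blocked host names from '<ip> <name> [# comment]' lines."""
    names = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])      # first field must be an address
        except ValueError:
            continue
        names += [n.lower() for n in fields[1:] if n.lower() not in SKIP]
    return names

def system_resolve(name):
    """Resolve via the OS resolver, which should point at the pfSense box."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def classify(answers):
    """Label a set of returned addresses by DNSBL outcome."""
    if not answers:
        return "no-answer"
    if answers <= NULL_ANSWERS:
        return "null-block"       # browser has nothing to connect to
    if DNSBL_VIP in answers:
        return "dnsbl-vip"        # https clients get a certificate name mismatch
    return "not-blocked"          # feed entry is not enforced by the resolver

def audit_feed(feed_text, resolve=system_resolve):
    """Map every host name in the feed to its DNSBL outcome."""
    return {n: classify(set(resolve(n))) for n in parse_hosts_feed(feed_text)}

if __name__ == "__main__":
    fake = lambda n: SAMPLE_ANSWERS.get(n, set())   # offline stand-in resolver
    for host, verdict in audit_feed(SAMPLE_FEED, fake).items():
        print(f"{verdict:12} {host}")
```

Calling `audit_feed(feed_text)` without the second argument uses the machine's real resolver, so any name reported as not-blocked points to a feed that was downloaded but not loaded into the resolver.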
@Gertjan Very thanks,
I'll try to do something like that...