PfBlockerNG v2.0 w/DNSBL
-
Hello folks.
Are there any detailed/comprehensive "pfBlockerNG v2.0 w/ DNSBL" guides out there? I've done some basic configuration, but would like details on all aspects of the pfBlockerNG configuration.
-
Hi, BBcan177
Found 2 issues with pfSense 2.3.1, one of them is bigger, which were all reproducible by changing WAN interface parameters, e.g. tick/untick the "Block bogon networks" option, save and apply changes:
-
dnsbl service is still started, even though both pfBlockerNG and DNSBL are disabled.
-
the bigger one, the unbound service isn't auto restarted after WAN interface changes are applied if pfBlockerNG and DNSBL are enabled.
-
-
Hi,
I'm getting this IP 192.99.0.227 (http://coopermult.com.br) blocked.
It's not showing on Alerts, and doesn't match any list.
If I change "Default Order: | pfB_Block/Reject | All other Rules |" to any other, the IP is unblocked for some seconds and blocked again.
Then I change the Order again and that repeats (maybe pfBlockerNG stops for some seconds while changing the rules order?)
Any idea?
Thanks.
-
I got a few more questions regarding de-duplication.
Is the whole "Deny" (deny in, out, both) considered as ONE list or 3 separate lists for de-dup?
What happens to the allow list? Do they get de-duped on the "Allow" list?
Thanks in advance.
When you enable dedup, it works for all types of "Deny"… To avoid de-duplication for a specific Alias, you can use the "Alias Native" option. De-duplication does not occur for Permit or Match type Aliases.
-
Hello folks.
Are there any detailed/comprehensive "pfBlockerNG v2.0 w/ DNSBL" guides out there? I've done some basic configuration, but would like details on all aspects of the pfBlockerNG configuration.
There is a pfBlockerNG hangout available, if you are a pfSense Gold Member.
-
-
dnsbl service is still started, even though both pfBlockerNG and DNSBL are disabled.
-
the bigger one, the unbound service isn't auto restarted after WAN interface changes are applied if pfBlockerNG and DNSBL are enabled.
I have a fix for #1 and that will be part of the next release. For #2, I can't reproduce that issue. (If anyone else is having that issue, let me know)
-
-
I'm getting this IP 192.99.0.227 (http://coopermult.com.br) blocked.
It's not showing on Alerts, and doesn't match any list.
Are you sure that "logging" is enabled in the pfBlockerNG aliases?
Try to run these commands from the shell to see if a list contains that IP:
cd /var/db/pfblockerng/deny/
grep "192.99.0.227" *
grep "^192\.99\.0\." *
grep "^192\.99\." *
grep "^192\." * | grep "\/"
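The grep commands above only match on the textual prefix of an address, so a CIDR entry such as 192.0.0.0/8 is easy to miss. As an added example (not part of the original post or the package), this script does the same lookup with real CIDR containment against constructed sample lists shaped like the files under /var/db/pfblockerng/deny/; the file names and entries are made up.

```python
import ipaddress
import os
import tempfile

# Constructed sample deny lists, shaped like the files under
# /var/db/pfblockerng/deny/ (one IP or CIDR per line).
SAMPLE_LISTS = {
    "pfB_Example_v4.txt": ["192.99.0.0/24", "10.0.0.5"],
    "pfB_Other_v4.txt": ["192.0.0.0/8", "203.0.113.0/24"],
    "pfB_Clean_v4.txt": ["198.51.100.0/24"],
}

def find_matching_entries(deny_dir, ip):
    """Return (filename, entry) pairs for every list entry that contains ip,
    using real CIDR containment rather than a textual prefix match."""
    target = ipaddress.ip_address(ip)
    hits = []
    for name in sorted(os.listdir(deny_dir)):
        with open(os.path.join(deny_dir, name)) as fh:
            for line in fh:
                entry = line.split("#", 1)[0].strip()
                if not entry:
                    continue
                try:
                    net = ipaddress.ip_network(entry, strict=False)
                except ValueError:
                    continue  # not an IP/CIDR line, skip it
                if target.version == net.version and target in net:
                    hits.append((name, entry))
    return hits

def demo_lookup(ip):
    """Write the constructed lists to a temp dir and look the address up."""
    with tempfile.TemporaryDirectory() as d:
        for name, entries in SAMPLE_LISTS.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write("\n".join(entries) + "\n")
        return find_matching_entries(d, ip)

if __name__ == "__main__":
    for name, entry in demo_lookup("192.99.0.227"):
        print(f"{name}: {entry}")
```

Point find_matching_entries at the real deny directory on the firewall to see which list (and which range) is responsible for a block.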
-
-
dnsbl service is still started, even though both pfBlockerNG and DNSBL are disabled.
-
the bigger one, the unbound service isn't auto restarted after WAN interface changes are applied if pfBlockerNG and DNSBL are enabled.
I have a fix for #1 and that will be part of the next release. For #2, I can't reproduce that issue. (If anyone else is having that issue, let me know)
Thanks. I will try to see how to reproduce it; it could be related to the IPv6 thing. What I will do is disable DNSBL, to see if the unbound service is working or not (I just had the unbound service stopped for no reason again minutes ago). Then I will try to enable DNSBL and disable IPv6, to see. I will report back.
-
-
Hi all,
I just registered so first, BBcan177, thanks for making such a great package for pfSense. It's really impressive.
I noticed one little issue: when I add a domain to the Custom Domain Suppression (Whitelist) with a # comment after it, it seems to ignore this entry. Did anyone see this before?
e.g.
google.nl » ok
google.nl # dutch google » ignored
-
Hi SanderX,
Thanks for reporting, I have this scheduled to be fixed in the next release. You can manually edit the file to fix this issue as follows:
Edit /usr/local/www/pfblockerng/pfblockerng_alerts.php LINE #94
And add a space as indicated below:
Original:
$dnssupp_dat .= "{$dnssupp[0]}{$dnssupp[1]}\r\n";
New:
$dnssupp_dat .= "{$dnssupp[0]} {$dnssupp[1]}\r\n";
Then edit the DNSBL suppression custom list and add a space before each # and Save. Follow that with a Force Reload DNSBL.
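The fix above changes how the package writes a parsed "domain # comment" line back out. As an added example (my own code, not pfBlockerNG's), here is a parser for a suppression list that accepts that form regardless of spacing, rejects lines that are not hostnames, and removes duplicates; the sample list is constructed.

```python
import re

# Constructed sample of a DNSBL custom domain suppression (whitelist) list,
# including the "domain # comment" form reported in the thread.
SAMPLE_SUPPRESSION = """\
google.nl
google.nl # dutch google
  Example.org   # indented, mixed case, extra spaces
# a comment-only line

ads.example.net#no space before the hash
not a domain # rejected by the validator
"""

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def is_valid_domain(name):
    """Minimal hostname check: dotted labels, total length <= 253."""
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))

def parse_suppression(text):
    """Return (domains, rejected_lines): unique whitelisted domains in file
    order, with trailing '# comment' text, surrounding whitespace and case
    differences removed, plus the raw lines that were skipped."""
    domains, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()
        if not entry:
            continue  # blank or comment-only line
        if not is_valid_domain(entry):
            rejected.append(raw)
            continue
        if entry not in seen:
            seen.add(entry)
            domains.append(entry)
    return domains, rejected

if __name__ == "__main__":
    kept, skipped = parse_suppression(SAMPLE_SUPPRESSION)
    print("whitelisted:", kept)
    print("rejected:", skipped)
```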
-
That did the job. Thanks for the quick reply!
-
Is there a way to add this list of domains to pfBlockerNG or Aliases?
-
On a fresh install of 2.3.1-RELEASE-p1:
install pfblockerng package from within pfsense
Enable Floating rules.
Enable DNS Blocklist
Select "unbound"
Run Cron
No Floating rule in firewall rules.
Please help me find the reason.
It used to work just fine before.
-
Did you enable pfBlockerNG? Is the dnsbl service up and running?
Did you run a Force Update? A Force Reload?
Did you look at the pfBlockerNG.log?
-
Did you enable pfBlockerNG? Is the dnsbl service up and running? YES; General > Enable pfBlockerNG > Check
Did you run a Force Update? A Force Reload? Firewall > pfBlockerNG > Update: Update, Cron, Reload – no Force option available. Ran CRON
Did you look at the pfBlockerNG.log? Yes, I don't see any errors.
I'm stumped; never had a problem with pfb.
-
Well I am still on 2.2.6 and I see in pfBlockerNG: Update
Force Update will download any new Alias/Lists.
Force Cron will download any Alias/Lists that are within the Frequency Setting (due for Update).
Force Reload will reload all Lists using the existing Downloaded files. This is useful when Lists are out of 'sync' or Reputation changes were made.
But if there are no IPs in your DNSBL table, then there will be no need for floating rules.
Configure settings for Firewall Rules when any DNSBL Feed contain IP Addresses
Actually as soon as you enable "DNSBL IP" it will add "1.1.1.1" to make sure it's not empty… So the Floating rule should show if that option was enabled..
Do you have any IPV4 alias defined ?
-
Well I am still on 2.2.6 and I see in pfBlockerNG: Update
Force Update will download any new Alias/Lists.
Force Cron will download any Alias/Lists that are within the Frequency Setting (due for Update).
Force Reload will reload all Lists using the existing Downloaded files. This is useful when Lists are out of 'sync' or Reputation changes were made.
But if there are no IPs in your DNSBL table, then there will be no need for floating rules.
Configure settings for Firewall Rules when any DNSBL Feed contain IP Addresses
Actually as soon as you enable "DNSBL IP" it will add "1.1.1.1" to make sure it's not empty… So the Floating rule should show if that option was enabled..
Do you have any IPV4 alias defined ?
I have no IP aliases defined
I can ping 10.10.10.1 but there is no rule displayed in the gui.
-
Is there a way to add this list of domains to pfBlockerNG or Aliases?
Hi Chain, that list can be parsed without issues… If that was from a URL, just add the URL to a DNSBL alias ... You could also paste that into a custom list and the package will parse it...
-
I can ping 10.10.10.1 but there is no rule displayed in the gui.
All DNSBL alerts are visible in the pfBlockerNG Alerts tab (DNSBL section)… You should be able to ping the DNSBL VIP and browse to it also (1x1 pix)... Not sure exactly what issue you are having?
-
The issue is that I have selected the option that creates a floating rule to the VIP DNSBL IP but there is no floating rule visible in the GUI. In the past this rule was always created.
This is on a vanilla pfsense install.
According to the service status widget, the DNSBL service is running.