First of all thanks for the package.
I am moving my PFsense 1.2.3 to newer hardware and would like to use DNS Blacklist with new install. I have tried and like how it works and the idea.
I am having a problem that I have no been able to solve, probably missing something or don't know full usage of the package. At my company we are using Google Apps
for email and other services, the email accounts are setup for POP and SMTP use and have email clients configured.
If DNS Blaclist is enable
with only adult filter
the smtp and pop.gmail.com becomes inaccessible
, if I disable the adult filter or DNS Blacklist, everything works well again. For your knowledge google emails uses SSL ports
for email configuration, ports 465 and 995
.I have looked in the /adults/domain, /url and /expressions files and have no found anything for gmail.
For the moment I have to stop the use until whitelist will be available or find a solution for my problem.
┐Any suggestions or Idea?
Exactly the same issue, also same as tebruno99's post.
If i enable the 'adult' list, it starts blocking a lot of websites not in the blacklists.
For example, it blocks 'www.shallalist.de
I grep'd the whole lists (ssh'd to the box) to search for either 'shallalist', the ip of the website (188.8.131.52), the names of the DNS servers (shalla.de,robot7.first-ns.de, robot2.second-ns.de) and the IPs of these DNS servers, and found nothing related.
If i grep 'shalla' only, it finds :
which has no direct relation with shallalist.de
So i ended up with not enabling the 'adult' list, wich i really woud like to enable.
I'm using pfSense 1.2.3 release with squid/squidGuard. DHCP server is enabled and serve the IP of the box (gateway) as the DNS server. DNS forwarder is enabled. The DNS setting of Squid is forced to the private LAN IP of the box ('Use alternate DNS-servers for the proxy-server'), because, if not set, Squid seems to bypass the dns forwarder and directly resolve the names through the provider's DNS.
In SquidGuard, the option 'Not to allow IP addresses in URL' is enabled.
Any idea ?