The pfSense Store

Author Topic: pfBlockerNG Not Blocking Porn  (Read 4435 times)

0 Members and 1 Guest are viewing this topic.

Offline seanpruitt

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
pfBlockerNG Not Blocking Porn
« on: February 20, 2017, 11:16:11 am »
pfBlockerNG seems to block most things but the DNSBL EasyList. I've read several threads and watched many videos and I can't seem to get it to work.

Please help, my children's innocence is a stake here ;)

Offline BBcan177

  • Moderator
  • Hero Member
  • *****
  • Posts: 2554
  • Karma: +797/-5
    • View Profile
    • Click for Support
Re: pfBlockerNG Not Blocking Porn
« Reply #1 on: February 20, 2017, 11:40:45 am »
Blocking porn is really difficult with DNSBL... There are millions of domains ....

This you can do:

Enable the TLD option, and add "xxx" to the TLD Blacklist customlist.... Then it will block any domain in the "xxx" TLD...

In EasyList, there are Adult Popups that are blocked, but that just removes the Adult AD popups, and not the Adult sites themselves...

A Proxy will be the best option to filter that type of content... SquidBlacklist/UT1 have some Adult categories which list quite a few Adult domains... Its not foolproof either.... Just be careful about MITM SSL issues...
"Experience is something you don't get until just after you need it."

 | http://pfblockerng.com | Twitter @BBcan177  | #pfBlockerNG |

Offline someuser123

  • Newbie
  • *
  • Posts: 17
  • Karma: +9/-0
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #2 on: February 20, 2017, 11:49:04 am »

Offline seanpruitt

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #3 on: February 20, 2017, 12:02:52 pm »
Thanks guys... I tried both and it seems to be working. I'm not sure i understood the TLD custom list, it seems the same as adding terms to Squid. I've used Squid in the past and It never worked the way I wanted it to. I was trying a different solution.

Do I have to flush the DNS? I find that flushing my local DNS seems to work at times but I feel like part of my problem is the DNS is cached domains overriding the filter. Do I have to flush the gateway DNS? If so how?

Thanks guys.

Offline pfBasic

  • Hero Member
  • *****
  • Posts: 1021
  • Karma: +138/-22
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #4 on: February 20, 2017, 11:05:47 pm »
I poked around with this for shits and giggles (and because I have two sons that someday over the rainbow I'd like to extend their innocence a bit longer if I can), Here's a thread with links to threads on here that will walk you through the best process I've found.
https://forum.pfsense.org/index.php?topic=124013.msg685623#msg685623


Basically,

Use DNS Resolver and force all traffic on whatever subnet your kids are on to use the resolver.
(Definitely recommend using a separate subnet as the stuff you'll need to do will probably annoy you if you have to use the same settings)


Use pfBlockerNG with DNSBL

Import shallalist into DNSBL and use the porn categories there, and whatever else you like.

Also, force google safe search (you can block search engines through shallist, and whitelist google)
https://forum.pfsense.org/index.php?topic=118502.msg657295#msg657295
https://forum.pfsense.org/index.php?topic=119413.msg665804#msg665804
https://www.google.com/supported_domains


Ultimately, nothing will be perfect and even if it were kids go to friends homes, have smart phones, etc. But this should be a pretty damn good automated setup to keep your kids from stumbling into Batman's darkest secrets. (Not really, it won't do a thing for youtube unless you want to block it completely, but I think there are other things you can do for that if you want).

https://www.youtube.com/watch?v=enOHraf3LEk


Offline pfBasic

  • Hero Member
  • *****
  • Posts: 1021
  • Karma: +138/-22
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #5 on: February 20, 2017, 11:12:13 pm »
Blocking porn is really difficult with DNSBL... There are millions of domains ....


I don't know if this is something you're interested in BBCan, but if you are shallalist (and a few others) are pretty decently maintained lists for blocking porn and a few other categories. They work really well with pfBNG & DNSBL.

The ways to get them working with DNSBL are kind of rudimentary and obscure right now, if you were to implement a built in way to use them I think it would be extremely popular.

Squid is just to flaky and invasive on HTTP/S to be useful for stuff like blocking porn. pfBNG just works, well.

Offline gcu_greyarea

  • Jr. Member
  • **
  • Posts: 77
  • Karma: +9/-2
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #6 on: February 22, 2017, 03:43:43 am »
Why don't you use open dns family shield ?

Offline someuser123

  • Newbie
  • *
  • Posts: 17
  • Karma: +9/-0
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #7 on: February 22, 2017, 09:03:28 am »
Blocking porn is really difficult with DNSBL... There are millions of domains ....


I don't know if this is something you're interested in BBCan, but if you are shallalist (and a few others) are pretty decently maintained lists for blocking porn and a few other categories. They work really well with pfBNG & DNSBL.

The ways to get them working with DNSBL are kind of rudimentary and obscure right now, if you were to implement a built in way to use them I think it would be extremely popular.

Squid is just to flaky and invasive on HTTP/S to be useful for stuff like blocking porn. pfBNG just works, well.

future build of pfblockerng will have option to use shallalist/UT1/squidblacklist



@BBcan177 is working on it, this feature is in beta right now, i personally don't feel the need of squidguard anymore.

Offline pfBasic

  • Hero Member
  • *****
  • Posts: 1021
  • Karma: +138/-22
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #8 on: February 22, 2017, 09:25:43 am »
That is awesome! I love BBCan's work!

Offline seanpruitt

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #9 on: March 03, 2017, 09:10:55 am »
That is awesome. I was able to get the shalllist to work by following these instructions >> https://forum.pfsense.org/index.php?topic=120072.0#msg664172
It doesn't block out everything but it seems to be working better then squid guard. I feel with pfBlock, blocking serveral sites manually, forcing google restricted search, and keeping and eye on squid proxy logs is the best way to go. I've tried SquidGuard and I always found my self thinking is this thing even working!!! There are people that live by SquidGuard but I spent weeks trying to get basic settings to work. PfBlockerNG worked immediatley with results I can count on. Feel like I'm on an infomercial here.

Thanks guys for all of your help on this!  :)

Offline seanpruitt

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #10 on: March 04, 2017, 11:43:43 am »
So I'm blocking porn, that's great! But the problem I'm running into now is I can't watch any howto videos on youtube because the host is forcing restricted mode. Is there a way to only for kids into restricted mode vs the entire network?

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +956/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #11 on: March 04, 2017, 11:47:37 am »
So I'm blocking porn, that's great! But the problem I'm running into now is I can't watch any howto videos on youtube because the host is forcing restricted mode.

Perhaps try some other site for p0rn howtos?  :P
Do NOT PM for help!

Offline pfBasic

  • Hero Member
  • *****
  • Posts: 1021
  • Karma: +138/-22
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #12 on: March 04, 2017, 11:58:59 am »
So I'm blocking porn, that's great! But the problem I'm running into now is I can't watch any howto videos on youtube because the host is forcing restricted mode. Is there a way to only for kids into restricted mode vs the entire network?

The easiest way is to get another AP for the kids and put it on a separate interface/subnet. Then just apply all of this stuff to that subnet only.
A work around would be to connect to a VPN on the computer you are using (unless you are *effectively* blocking VPN IP's with a list).

Offline thatmakesnoSense

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #13 on: October 21, 2017, 02:09:57 pm »



future build of pfblockerng will have option to use shallalist/UT1/squidblacklist


@BBcan177 is working on it, this feature is in beta right now, i personally don't feel the need of squidguard anymore.

Hi,

from which build on the option shallalist will be available in pfblockerng? I can not find it in the current version (2.1.2 - under pfSense 2.4.0 release).


Regards

Offline Albertopfsense

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: pfBlockerNG Not Blocking Porn
« Reply #14 on: October 27, 2017, 12:57:16 am »
good morning
at this moment shalla list used as dnbl  feed list into dnsbl not block ( block only site without www ex block mybadsite.com but forward www.mybadsite.com)

someone has found a solution ?

thanks Alberto