
Author Topic: pfBlockerNG configuration for a newbie :)  (Read 1194 times)


Offline belgiumrom

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
Re: pfBlockerNG configuration for a newbie :)
« Reply #15 on: January 16, 2018, 07:45:56 pm »
Did you guys do anything to the lists?!?!?

My pfblocker started blocking ads from steepto.com in filmehd.net all of a sudden without me doing anything...

Now ads in facebook.com started showing again... lol

Am I doing something wrong? LOL

Offline RonpfS

  • Hero Member
  • *****
  • Posts: 716
  • Karma: +96/-2
Re: pfBlockerNG configuration for a newbie :)
« Reply #16 on: January 16, 2018, 07:56:07 pm »
> Did you guys do anything to the lists?!?!?

You have to ask that question to the "guys" who maintain the lists.

> Also, when the lists are reloaded, I see that the hard limit of domains is overpassed, could that be an issue too?
>
> ------------------------------------------
> Assembling database... completed
> Executing TLD
> TLD analysis....xxxxxxxxxxx completed
> ** TLD Domain count exceeded. [ 400000 ] All subsequent Domains listed as-is **
> Finalizing TLD...  completed
> ----------------------------------------

That's because you don't have enough memory to get a complete TLD set. So from cron update to cron update, some more domains are converted to TLD, and that may demand different whitelisting.

So look at the logs to see what lists were downloaded when steepto.com became blocked.

Try a Force Reload DNSBL to see if things change.

Lower the total number of DNSBL entries by removing some big lists.

2.3.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
pfBlockerNG 2.1.2_2/Dev, suricata 4.0.3_1

Offline belgiumrom

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
Re: pfBlockerNG configuration for a newbie :)
« Reply #17 on: January 17, 2018, 06:54:15 am »
Thanks RonpfS for your suggestions. Will try tonight.

I was asking the "guys" here because I have some lists made or maintained by BBcan177.

...and you are right, I am running pfsense on a tiny microcomputer with only 4GB of RAM, but that's going to change soon, will upgrade to 8GB. I only found out about pfblocker after I purchased the hardware.


Offline BBcan177

  • Moderator
  • Hero Member
  • *****
  • Posts: 2608
  • Karma: +821/-5
Re: pfBlockerNG configuration for a newbie :)
« Reply #18 on: January 23, 2018, 05:32:38 pm »
> Thanks RonpfS for your suggestions. Will try tonight.
>
> I was asking the "guys" here because I have some lists made or maintained by BBcan177.
>
> ...and you are right, I am running pfsense on a tiny microcomputer with only 4GB of RAM, but that's going to change soon, will upgrade to 8GB. I only found out about pfblocker after I purchased the hardware.

TLD requires more memory, as Unbound creates a pointer in memory for each Zone entry. To prevent Unbound from consuming all of the available memory and crashing the box, I have defined a conservative Zone limit according to the amount of memory available.

So as soon as you reach the max TLD limit, no further Zones are created, and the balance of the Domains will be blocked as per the explicit domain entry and not the whole sub-domain, as TLD is intended to accomplish.

So, as TLD is processing, this domain might have been processed before the TLD limit and then added as a Zone. And at times it might be processed after the TLD limit at which time it won't be blocking the whole sub-domain.

So you either need more memory, or put the most important Domains to be processed by TLD first so that they will be added as a Zone before the TLD limit is reached.
"Experience is something you don't get until just after you need it."

| http://pfblockerng.com | Twitter @BBcan177 | #pfBlockerNG |

Offline belgiumrom

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
Re: pfBlockerNG configuration for a newbie :)
« Reply #19 on: February 03, 2018, 11:55:57 am »
Thanks for suggestions BBcan177.
I upgraded to 8 GB the other day, but steepto.com still shows on that filmehd.net website...
I apologize, but I didn't understand much of your explanation other than that upgrading RAM will help... lol, too technical, and my knowledge of TLD is somewhat limited (learning now).
One piece of good news: there is no hard-limit message anymore when the TLD list is processed.

Offline belgiumrom

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
Re: pfBlockerNG configuration for a newbie :)
« Reply #20 on: February 03, 2018, 03:18:20 pm »
...looking back at comments, I found out this domain blocked as well, somewhat similar config... (192.168.0.1 being my VIP)

grep steepto.com /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/unbound/pfb_dnsbl.conf /usr/local/pkg/pfblockerng/dnsbl_tld

/var/db/pfblockerng/dnsbl/easy_list.txt:local-data: "steepto.com 60 IN A 192.168.0.1"
/var/db/pfblockerng/dnsblorig/ad_servers.orig:127.0.0.1   imgg.steepto.com
/var/db/pfblockerng/dnsblorig/easy_list.orig:||steepto.com^$third-party
/var/db/pfblockerng/dnsblorig/easylist.orig:||steepto.com^$third-party
/var/db/pfblockerng/dnsblorig/hpHosts.orig:127.0.0.1   imgg.steepto.com
/var/db/pfblockerng/dnsblorig/hpHosts_ads.orig:127.0.0.1   imgg.steepto.com
/var/unbound/pfb_dnsbl.conf:local-zone: "steepto.com" redirect local-data: "steepto.com 60 IN A 192.168.0.1"
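The following is an added illustration (not pfBlockerNG's or Unbound's own code) of the two points made above: BBcan177's explanation in Reply #18 of what happens to domains processed after the TLD Zone limit, and belgiumrom's grep in Reply #20 showing the two forms an entry can take in `/var/unbound/pfb_dnsbl.conf`. It assumes that a domain processed before the limit becomes a `local-zone: "<domain>" redirect` plus a `local-data:` record (blocking the whole sub-tree), that a domain processed after the limit gets only an explicit `local-data:` record for that exact name (Unbound's default transparent zone for bare local-data, which answers only for that owner name), and that the limit is scaled down from 400000 to a handful so the effect is visible. The VIP `192.168.0.1` and TTL `60` are taken from the thread; the domain names other than `steepto.com` are constructed.

```python
"""Model of how pfBlockerNG's TLD mode interacts with its Zone limit.

Added example, not pfBlockerNG's own code. Assumptions (see lead-in):
  - before the TLD limit: local-zone "<dom>" redirect + local-data
  - after the TLD limit:  local-data only, for that exact name
"""

VIP = "192.168.0.1"   # DNSBL virtual IP from the thread
TTL = 60              # TTL seen in the thread's local-data records


def build_dnsbl_conf(domains, tld_limit):
    """Walk the domain feed in order and emit Unbound config lines.

    Returns (zones, exact, lines): the set of domains that became redirect
    Zones, the set that only got an explicit record, and the config text.
    """
    zones, exact, lines = set(), set(), []
    for dom in domains:
        dom = dom.lower().rstrip(".")
        if len(zones) < tld_limit:
            # Within the limit: whole sub-tree is redirected to the VIP.
            zones.add(dom)
            lines.append(f'local-zone: "{dom}" redirect')
            lines.append(f'local-data: "{dom} {TTL} IN A {VIP}"')
        else:
            # Limit reached: "All subsequent Domains listed as-is".
            exact.add(dom)
            lines.append(f'local-data: "{dom} {TTL} IN A {VIP}"')
    return zones, exact, lines


def is_blocked(name, zones, exact):
    """Return True if Unbound would answer `name` with the VIP.

    A redirect Zone matches the name and every label beneath it; an explicit
    local-data record matches only that exact owner name.
    """
    name = name.lower().rstrip(".")
    if name in exact:
        return True
    labels = name.split(".")
    # Walk up the tree: imgg.steepto.com -> steepto.com -> com
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return True
    return False


def classify_entries(conf_lines, domain):
    """Mimic `grep <domain> /var/unbound/pfb_dnsbl.conf` and name the hit type.

    'zone'   -> a local-zone redirect exists (sub-domains are blocked too)
    'exact'  -> only a local-data record exists (sub-domains are NOT blocked)
    'absent' -> the domain is not in the config at all
    """
    hits = [line for line in conf_lines if domain in line]
    if any(line.startswith(f'local-zone: "{domain}"') for line in hits):
        return "zone"
    return "exact" if hits else "absent"


if __name__ == "__main__":
    # Constructed feed: steepto.com is processed last and falls past the limit.
    feed = ["ad-a.example", "ad-b.example", "steepto.com"]
    zones, exact, conf = build_dnsbl_conf(feed, tld_limit=2)
    print("\n".join(conf))
    print("steepto.com entry type:", classify_entries(conf, "steepto.com"))
    print("imgg.steepto.com blocked?", is_blocked("imgg.steepto.com", zones, exact))

    # Same feed with steepto.com moved to the front, as BBcan177 suggests.
    zones, exact, conf = build_dnsbl_conf(["steepto.com"] + feed[:2], tld_limit=2)
    print("steepto.com entry type:", classify_entries(conf, "steepto.com"))
    print("imgg.steepto.com blocked?", is_blocked("imgg.steepto.com", zones, exact))
```

Running it shows why the same domain can flip between runs: when `steepto.com` is processed after the limit it is an `exact` entry and `imgg.steepto.com` resolves normally; when it is processed first it becomes a `zone` entry and every host under it is redirected to the VIP. That is the difference between the `local-data:` line from `easy_list.txt` and the `local-zone: ... redirect` line from `pfb_dnsbl.conf` in the grep output above.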