How to stop pfblockerNG from blocking sites??

wgstarks
« on: January 01, 2018, 10:29:10 am »
Foolishly, when I installed pfblockerNG I failed to consider how blocking online advertisers would affect my ability to shop online. Now if I google an item that I want to purchase I just get a 1x1 pixel page. I tried whitelisting the blocked sites in the "alerts" tab, but that just results in another block alert the next time I try to visit the site, and if I try whitelisting again I get a message that the site is already whitelisted. I have deleted all my IPv4 listings and their associated rules. I've run multiple updates in pfb. I even tried clearing the cache on my browser. What did I miss? My goal now is just to block malicious traffic, but not sure how to remove the blocks for ads?
pfSense vs 2.4.3
Box: Minisys IBOX-501 N10E
CPU: Intel Atom E3845
NIC: Intel WG82583 1000M x 4
RAM: 8GB

RonpfS
« Reply #1 on: January 01, 2018, 01:03:58 pm »
After you have whitelisted a few sites in DNSBL, to settle things, run a Force Update DNSBL.
2.3.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
pfBlockerNG 2.1.2_2/Dev, suricata 4.0.4_1

wgstarks
« Reply #2 on: January 01, 2018, 05:26:27 pm »
> After you have whitelisted a few sites in DNSBL, to settle things, run a Force Update DNSBL.

I tried that. The alerts tab showed that the sites were still being blocked and were also whitelisted. Even after running the update.
pfSense vs 2.4.3
Box: Minisys IBOX-501 N10E
CPU: Intel Atom E3845
NIC: Intel WG82583 1000M x 4
RAM: 8GB

RonpfS
« Reply #3 on: January 01, 2018, 05:52:45 pm »
Most domain names ended up TLD if you enabled TLD.

For example : 6634248.fls.doubleclick.net
Quote
grep 6634248.doubleclick.net /var/unbound/pfb_dnsbl.conf

grep fls.doubleclick.net /var/unbound/pfb_dnsbl.conf

grep doubleclick.net /var/unbound/pfb_dnsbl.conf

local-data: "www.doubleclick.net.my 60 IN A 10.10.10.1"
local-zone: "doubleclick.net" redirect local-data: "doubleclick.net 60 IN A 10.10.10.1"

If you put 6634248.fls.doubleclick.net in Custom whitelist, it won't whitelist it, as any request for *.doubleclick.net will give the VIP address.

So if you want to whitelist all subdomains of *.doubleclick.net, you add *.doubleclick.net to the Custom whitelist.

If you want to only whitelist 6634248.fls.doubleclick.net, then you have to put doubleclick.net in the TLD Exclusion List. Do a Force Reload DNSBL; now, instead of collapsing all doubleclick.net domain names into *.doubleclick.net, it will just collect all doubleclick.net domain names as they are listed in the tables. This could increase the number of domains in DNSBL by hundreds.

After the Force Reload DNSBL, you can then whitelist any doubleclick.net domain from the Alerts Tab or with Custom Whitelist.

When you are done whitelisting domains, I recommend running Force Reload DNSBL to settle things. (Sometimes whitelisting temporarily vanishes at Cron Update if the table containing the whitelisted domain names isn't downloaded, then magically returns at the next Cron update that downloads the table.)
2.3.5-RELEASE-p1 (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
pfBlockerNG 2.1.2_2/Dev, suricata 4.0.4_1
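
The three grep commands in the reply above generalize to a label-by-label walk up the hostname. The script below is an added example, not part of the original thread or pfBlockerNG's own code; the function names and the third sample entry are hypothetical, and the file format is assumed to match the two lines quoted in the post.

```shell
#!/bin/sh
# Added example, not pfBlockerNG code. Function names and sample data are hypothetical.

# Print which DNSBL entry answers for HOST in CONF:
#   "zone <name>"  a redirect local-zone (TLD-collapsed) covers HOST and every subdomain
#   "host <name>"  only an exact local-data entry exists for HOST
#   "none"         no entry matches
find_dnsbl_match() {
    host=$1
    conf=${2:-/var/unbound/pfb_dnsbl.conf}   # path used in the post
    name=$host
    while :; do
        # -F: treat dots literally; the quotes anchor the match to the whole name.
        if grep -Fq "local-zone: \"$name\" redirect" "$conf"; then
            echo "zone $name"
            return 0
        fi
        case $name in
            *.*) name=${name#*.} ;;   # strip the leftmost label and retry
            *)   break ;;
        esac
    done
    if grep -Fq "local-data: \"$host " "$conf"; then
        echo "host $host"
    else
        echo "none"
    fi
}

# Constructed sample: the two lines shown in the post plus one made-up entry.
write_sample_conf() {
    cat > "$1" <<'EOF'
local-data: "www.doubleclick.net.my 60 IN A 10.10.10.1"
local-zone: "doubleclick.net" redirect local-data: "doubleclick.net 60 IN A 10.10.10.1"
local-data: "ads.example.com 60 IN A 10.10.10.1"
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
for h in 6634248.fls.doubleclick.net www.doubleclick.net.my ads.example.com example.org; do
    printf '%-32s %s\n' "$h" "$(find_dnsbl_match "$h" "$sample")"
done
rm -f "$sample"
```

A `zone` result is the case described in the reply: a whitelist entry for the individual subdomain has no effect until the parent is whitelisted as a wildcard or added to the TLD Exclusion List. A `host` result can be whitelisted on its own.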