Netgate SG-1000 microFirewall

Author Topic: How to Allow pfBlocker to Bypass itself for list fetches  (Read 125 times)

0 Members and 1 Guest are viewing this topic.

Offline guardian

  • Full Member
  • ***
  • Posts: 264
  • Karma: +8/-0
    • View Profile
How to Allow pfBlocker to Bypass itself for list fetches
« on: February 21, 2018, 09:56:44 pm »
I've been using pfBlocker for the last 6-8 months, and it's been doing a great job.  Thanks bbcan177 for all your hard work!

One of the lists I'm using has in the dnsbl, and I can see that gethub would be a great place to host malware (for awhile until it gets taken down-which I'm sure would happen fairly quickly), so I'm thinking it would be best to leave the block in place rather than remove it.  Only problem is that is also a source of many block lists. 

Is there a work around for this other than whitewashing it totally?

Of less importance would be a way for a short term exception to download something from - I currently use a VM with a VPN to tunnel around the firewall, a PITA if the VPN isn't already spinning to wait for it to boot, but it works.  However letting pfBlocker download a link that I have specifically curated is the priority.

Any suggestions/assistance/ideas would be much appreciated.

Offline motific

  • Jr. Member
  • **
  • Posts: 48
  • Karma: +4/-0
    • View Profile
Re: How to Allow pfBlocker to Bypass itself for list fetches
« Reply #1 on: February 24, 2018, 07:19:31 pm »
I have mailed BBCAN177 and asked about whitelisting list domains automatically and his response was whitelisting them would be unexpected behaviour for end users and I agree that it would be a bad thing.

He did suggest that theoretically as the whitelisting can now be done instantly that code to temporarily whitelist domains and then revert them afterwards could be possible at some point in the future.

Without knowledge of what blocking you have in place it's difficult to say what you could do reliably.  If you're ok with web-based proxies then that is one option.   That way pfBlocker would only see the request to the proxy domain, not the blocked domain which is either part of the URL or encrypted/obfuscated entirely. 

For example I put a list I use into one proxy site and got this URL back...

https ://www.*sitenameredacted*.com/browse.php/jFq3YZ2gvRvXF3vBTEqKxhzEqhrhb9TNwIVIO6BD649KAQxY7W0fRByEs2TrB8Z5uRyDQTRJxht5weSttltrT64_3D/b29/fnorefer/ long as the proxy site is not blocked then your lists will be accessible to pfBlocker.  Obviously you have to trust that proxy not to MITM your traffic or otherwise break stuff, which is why I've not included the name here.