The pfSense Store

Author Topic: DNS Blacklist, New Package! Check it out.  (Read 54532 times)

0 Members and 1 Guest are viewing this topic.

Offline Supermule

  • Hero Member
  • *****
  • Posts: 1490
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #15 on: October 06, 2009, 09:28:48 am »
If this isn't supported and maintained, pls. inform me how to delete it completely! It wont go away.....any way I do it.
Kind regards Brian


Offline xa0z

  • Jr. Member
  • **
  • Posts: 30
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #16 on: October 06, 2009, 10:10:01 am »
Okay, what you need to do is "Remove" the package like normal... then Re-Install it like normal.  Then the new version has the fixes to take care of the problems you're having.  You can then remove it to completely remove it, or you can keep using it. 

My only problem is that this is starting to move a direction in which I don't seem to have anymore say so in the project.  I'm not saying anything bad, and I'm not about to put mcrane down, he's a great guy and has helped me a great deal with stuff, but I just wish the project I started, and wrote part of... I had some control over.

Offline Supermule

  • Hero Member
  • *****
  • Posts: 1490
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #17 on: October 06, 2009, 10:12:31 am »
That is quite understandable.....:)

You have my support for the project, but it seems that the way the list is generated and the source of the data, is the big hurdle???
Kind regards Brian


Offline xa0z

  • Jr. Member
  • **
  • Posts: 30
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #18 on: October 06, 2009, 10:31:01 am »
I want to compile my own database.  I want to get it as simple as possible where specific rated categories are available for certin things.  I want to remove all the IPs in the database and use only hostnames (for now) to help keep it clean.   Web Browsers don't do reverse lookups so having all those extra useless items is a waste of RAM.

I will try my best to keep with the program, just want to make sure it stays on track.  I mean the whole point to me starting this was to help out, and if it's not helping me, how can it help others?


Offline Supermule

  • Hero Member
  • *****
  • Posts: 1490
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #19 on: October 06, 2009, 10:33:05 am »
Exactly. :)

Keep it up! You are on the right track....IP's change. Domainnames do not as often....So it is a good argument.
Kind regards Brian


Offline mcrane

  • Sr. Member
  • ****
  • Posts: 495
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #20 on: October 06, 2009, 10:47:34 am »
The problem is the list. As I stated before it has to be created ethically. That is compiled from free lists where the owners give their permission.

I will not commit something to pfSense that makes me an accessory to stealing. That is why I refused to commit the package with the previous list. If I did this I would expect to get my commit authority revoked.

It is not impossible to find lists that are free for any use and supplement them, and improve them with your own domains you and others find while searching.

Offline xa0z

  • Jr. Member
  • **
  • Posts: 30
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #21 on: October 06, 2009, 10:51:54 am »
That is exactly what I'm doing.  I'm not worried about the urlBlacklists database anymore.  I am just saying that I'm getting the database taken care of on my own, and it will be greatly categorizied.

Offline Davc

  • Jr. Member
  • **
  • Posts: 57
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #22 on: October 06, 2009, 08:27:15 pm »
I think this is a good project, if the DNS Blacklist is good and effectively use. Surely there will be people supported and willing to donate some subscription fee to maintain the Blacklist and the project itself in this Pfsense forum/members.

I am no expert in here, but there are people who might (already) using OpenDNS to filter, as long as this project don't run the same track as the OpenDNS or able to offer more than OpenDNS. I think there are light on this projects.

Good Work !!  ;)

Offline madapaka

  • Full Member
  • ***
  • Posts: 188
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #23 on: October 07, 2009, 01:02:47 am »
Hi Davc,

I've tried DNS blacklist in one of my pfSense box but it broke the dns forwarder service, after installation the dnsmasq service stopped and can't be restarted even after repeated tries and reboot. I uninstalled the aforementioned package but I still can't start the dnsmasq service,I had to examine other working boxes to see what files have been added or changed by the DNS blacklist package, it added the dnsmasq.conf which I've deleted and my dnsmasq service finally started.

Did I missed something?

Regards,

Jan

Offline mcrane

  • Sr. Member
  • ****
  • Posts: 495
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #24 on: October 07, 2009, 01:13:26 am »
When you tried to start dnsmasq. If you would have looked at the Diagnostics: System logs: System and looked for errors inr regards to dnsmasq then you should be ablt to find a description why it refused to start.

Offline jigpe

  • Sr. Member
  • ****
  • Posts: 371
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #25 on: October 07, 2009, 03:24:14 am »
Good job :)

I have Q.. How to block HTTPS? (except legit HTTPS)?

jigp

Offline Davc

  • Jr. Member
  • **
  • Posts: 57
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #26 on: October 07, 2009, 11:48:44 am »
Mine is running fine.

1.2.3-RC2
built on Sat Jul 18 19:19:52 EDT 2009
FreeBSD 7.2-RELEASE-p2 i386

DNS Blacklist 0.2.4

Yes, after the installation of DNS Blacklist. I have to manual restart the services.

My Box run in Bridge mode, I guess yours are different in NAT mode.

Davc

Offline xa0z

  • Jr. Member
  • **
  • Posts: 30
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #27 on: October 07, 2009, 12:23:15 pm »
After installing DNS Blacklist you shouldn't be required to restart dnsmasq as nothing is edited that pertains to dnsmasq at the time.  DNS Blacklist adds the dnsmasq.conf, and dnsmasq.blacklist.conf files into /usr/local/etc/.  When DNS Blacklist is enabled it adds a string into dnsmasq.conf to load the dnsmasq.blacklist.conf file, then restarts dnsmasq.  Any of the categories you select are entered within the dnsmasq.blacklist.conf file and that is what allows us to filter dns querys to the local server.

I am in no way out to seek any money from anyone for the blacklist database I'm putting together.  I can maintain a "main blacklist" but users would be free to add their own domains that aren't already listed.   Here soon I'll work on adding a custom Blacklist/Whitelist text area for you to enter your own on the fly.

If you want to block all https, you need to put a block on dport:443, that isn't associated with DNS Blacklist.


Offline jigpe

  • Sr. Member
  • ****
  • Posts: 371
    • View Profile
Re: DNS Blacklist, New Package! Check it out.
« Reply #28 on: October 08, 2009, 02:58:39 am »
If you want to block all https, you need to put a block on dport:443, that isn't associated with DNS Blacklist.
- I dont want to block 443 from Firewall LAn.. Some users needs to access legitimate https sites.... Kindly show us the right way xa0z? Thanks

jigp

Offline boblmartens

  • Newbie
  • *
  • Posts: 7
    • View Profile
    • Martin Luther College
Re: DNS Blacklist, New Package! Check it out.
« Reply #29 on: October 09, 2009, 10:21:53 am »
I can't really thank you enough for putting in the effort for this package. This is exactly what my place of employment has been looking for to push us off of using WatchGuard Fireboxes and moving to a custom-built firewall running pfSense.

Thanks, and if you need any help, let me know!