Wiki

User Tools

Site Tools

Trace:
pfsense:pfblockerng:add_dnsbl_feeds

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:pfblockerng:add_dnsbl_feeds [2021/02/07 17:29] peterpfsense:pfblockerng:add_dnsbl_feeds [2021/02/07 18:06] (current) – [Forcing DNSBL feed updates] peter
Line 5: Line 5:
 Scroll down to the DNSBL Category section. Scroll down to the DNSBL Category section.
  
-===== Configuring DNSBL feeds =====+Select the specific list to block by clicking on the **+** key towards the left side.
  
-==== Add Feed hphosts ====+For example to include **Easylist**: 
 + 
 +{{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_easylist.png?800|}} 
 + 
 +<WRAP info> 
 +**NOTE:**  If you look toward the right, you will see another checkbox.  This means the individual feed is enabled. 
 + 
 +This subtle distinction is extremely important to understanding how aliases and feeds work.  In addition, if a category ever has a problematic feed, you can always disable that feed instead of the entire category, i.e. we do not need to enable every feed for a particular category. 
 + 
 +For example, if you want to add the **EasyList Adware Filter** or one of the language specific feeds, you would click the **+** sign to the far right and that would add the individual feed to the already existing **EasyList** group. 
 + 
 +{{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_easylist_adware_plus.png?800|}} 
 + 
 +<WRAP important> 
 +**WARNING:**  You can add as many feeds as you like, but keep in mind that too many feeds can potentially slow down your firewall. 
 + 
 +It’s quite possible just adding a few categories by themselves is too much for a resource starved firewall! 
 + 
 +This is because feeds are periodically downloaded and likewise, unbound is reloaded regularly. 
 + 
 +If you using a system with limited resources (mainly RAM), you need to be extra careful. 
 + 
 +When in doubt, add feeds slowly and keep an eye on memory, CPU, etc. 
 +</WRAP> 
 + 
 +</WRAP> 
 + 
 + 
 +---- 
 + 
 +===== Add Feed hphosts =====
  
 If we go back to the Feeds, a category (group) recommend adding is hpHosts.  Click the **+** next to the hpHosts header (top left) to add all the feeds related to this category. If we go back to the Feeds, a category (group) recommend adding is hpHosts.  Click the **+** next to the hpHosts header (top left) to add all the feeds related to this category.
  
-After clicking the **+** next to the hpHosts category, you are taken to a DNSBL feeds page with all of the feeds under that category pre-populated.  All of the feeds in the list will initially be in the **OFF** state.  You can go through and enable each one individually or you can click **Enable All** at the bottom of the list.+After clicking the **+** next to the hpHosts category, you are taken to a DNSBL feeds page with all of the feeds under that category pre-populated. 
 + 
 +All of the feeds in the list will initially be in the **OFF** state. 
 + 
 +You can go through and enable each one individually or you can click **Enable All** at the bottom of the list.
  
 {{:pfsense:pfsense_pfblockerng_feeds_hphosts.png?800|}} {{:pfsense:pfsense_pfblockerng_feeds_hphosts.png?800|}}
Line 29: Line 63:
 ---- ----
  
-==== Other items worth mentioning ====+===== Other items worth mentioning =====
  
-If you take a look at the **Malicious** category, you will notice that some feeds have selectable options, such as such as the SANS Internet Storm Center feeds (bullet points).  I personally recommend switching the feed from ISC_SDH (high) to ISC_SDL (low) as the high feed has under 20 entries and the low feed includes the high feed.+If you take a look at the **Malicious** category, you will notice that some feeds have selectable options, such as such as the SANS Internet Storm Center feeds (bullet points).
  
-I addition, I haven’t seen many false positives when using the expanded (low) list.+<WRAP info> 
 +**NOTE:**  It is recommended to switching the feed from ISC_SDH (high) to ISC_SDL (low) as the high feed has under 20 entries and the low feed includes the high feed.
  
-Take note of the door-arrow graphic icons next to several feeds.  The door-arrow graphic means the feed is a subscription feed, which at the very least means you need to register for it.  Some subscription feeds also have a fee associated with them.  Subscription feeds can have a lower false positive rate and are typically updated on a more frequent basis.  You will see selectable options and subscription feeds throughout the DNSBL feeds so it is important to understand what these graphics mean.+In addition, not many false positives have been noticed when using the expanded (low) list. 
 +</WRAP> 
 + 
 +Take note of the door-arrow graphic icons next to several feeds. 
 + 
 +  The door-arrow graphic means the feed is a subscription feed, which at the very least means you need to register for it. 
 +  Some subscription feeds also have a fee associated with them. 
 +  Subscription feeds can have a lower false positive rate and are typically updated on a more frequent basis. 
 +  You will see selectable options and subscription feeds throughout the DNSBL feeds so it is important to understand what these graphics mean.
  
 {{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_malicious.png?800|}} {{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_malicious.png?800|}}
Line 80: Line 123:
 To force the changes, go over to the **Update** tab within pfBlockerNG. To force the changes, go over to the **Update** tab within pfBlockerNG.
  
-Heed the warning and make sure you are not going to run the updates near the time your cron job would automatically run.  If the countdown timer is less than minutes, I would not recommend running it and instead just wait for the system to run it automatically.+<WRAP important> 
 +**WARNING:**  Heed the warning and make sure you are not going to run the updates near the time your cron job would automatically run. 
 + 
 +If the countdown timer is less than 10 minutes, do not run it and instead just wait for the system to run it automatically. 
 + 
 +</WRAP>
  
 {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_update.png?800|}} {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_update.png?800|}}
  
-Assuming you are good on the time, go ahead and click the **Run** button.  You will see progress updates in the gray window below including the number of domains downloaded for each list, when the list was last updated, etc.  Also note that pfBlockerNG is smart enough to check for and eliminate duplicate DNS (# Dups) entries between the lists.+Assuming you are good on the time, go ahead and click the **Run** button. 
 + 
 +  * Progress updates will be seen in the gray window below including the number of domains downloaded for each list, when the list was last updated, etc. 
 +  pfBlockerNG is smart enough to check for and eliminate duplicate DNS (# Dups) entries between the lists.
  
 {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_update_run_manually.png?800|}} {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_update_run_manually.png?800|}}
pfsense/pfblockerng/add_dnsbl_feeds.1612718972.txt.gz · Last modified: 2021/02/07 17:29 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki