Wiki

User Tools

Site Tools

Trace:
pfsense:pfblockerng:add_dnsbl_feeds

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:pfblockerng:add_dnsbl_feeds [2021/02/07 17:59] peterpfsense:pfblockerng:add_dnsbl_feeds [2021/02/07 18:06] (current) – [Forcing DNSBL feed updates] peter
Line 41: Line 41:
 If we go back to the Feeds, a category (group) recommend adding is hpHosts.  Click the **+** next to the hpHosts header (top left) to add all the feeds related to this category. If we go back to the Feeds, a category (group) recommend adding is hpHosts.  Click the **+** next to the hpHosts header (top left) to add all the feeds related to this category.
  
-After clicking the **+** next to the hpHosts category, you are taken to a DNSBL feeds page with all of the feeds under that category pre-populated.  All of the feeds in the list will initially be in the **OFF** state.  You can go through and enable each one individually or you can click **Enable All** at the bottom of the list.+After clicking the **+** next to the hpHosts category, you are taken to a DNSBL feeds page with all of the feeds under that category pre-populated. 
 + 
 +All of the feeds in the list will initially be in the **OFF** state. 
 + 
 +You can go through and enable each one individually or you can click **Enable All** at the bottom of the list.
  
 {{:pfsense:pfsense_pfblockerng_feeds_hphosts.png?800|}} {{:pfsense:pfsense_pfblockerng_feeds_hphosts.png?800|}}
Line 61: Line 65:
 ===== Other items worth mentioning ===== ===== Other items worth mentioning =====
  
-If you take a look at the **Malicious** category, you will notice that some feeds have selectable options, such as such as the SANS Internet Storm Center feeds (bullet points).  I personally recommend switching the feed from ISC_SDH (high) to ISC_SDL (low) as the high feed has under 20 entries and the low feed includes the high feed.+If you take a look at the **Malicious** category, you will notice that some feeds have selectable options, such as such as the SANS Internet Storm Center feeds (bullet points).
  
-I addition, I haven’t seen many false positives when using the expanded (low) list.+<WRAP info> 
 +**NOTE:**  It is recommended to switching the feed from ISC_SDH (high) to ISC_SDL (low) as the high feed has under 20 entries and the low feed includes the high feed.
  
-Take note of the door-arrow graphic icons next to several feeds.  The door-arrow graphic means the feed is a subscription feed, which at the very least means you need to register for it.  Some subscription feeds also have a fee associated with them.  Subscription feeds can have a lower false positive rate and are typically updated on a more frequent basis.  You will see selectable options and subscription feeds throughout the DNSBL feeds so it is important to understand what these graphics mean.+In addition, not many false positives have been noticed when using the expanded (low) list. 
 +</WRAP> 
 + 
 +Take note of the door-arrow graphic icons next to several feeds. 
 + 
 +  The door-arrow graphic means the feed is a subscription feed, which at the very least means you need to register for it. 
 +  Some subscription feeds also have a fee associated with them. 
 +  Subscription feeds can have a lower false positive rate and are typically updated on a more frequent basis. 
 +  You will see selectable options and subscription feeds throughout the DNSBL feeds so it is important to understand what these graphics mean.
  
 {{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_malicious.png?800|}} {{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_malicious.png?800|}}
Line 110: Line 123:
 To force the changes, go over to the **Update** tab within pfBlockerNG. To force the changes, go over to the **Update** tab within pfBlockerNG.
  
-Heed the warning and make sure you are not going to run the updates near the time your cron job would automatically run.  If the countdown timer is less than minutes, I would not recommend running it and instead just wait for the system to run it automatically.+<WRAP important> 
 +**WARNING:**  Heed the warning and make sure you are not going to run the updates near the time your cron job would automatically run. 
 + 
 +If the countdown timer is less than 10 minutes, do not run it and instead just wait for the system to run it automatically. 
 + 
 +</WRAP>
  
 {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_update.png?800|}} {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_update.png?800|}}
  
-Assuming you are good on the time, go ahead and click the **Run** button.  You will see progress updates in the gray window below including the number of domains downloaded for each list, when the list was last updated, etc.  Also note that pfBlockerNG is smart enough to check for and eliminate duplicate DNS (# Dups) entries between the lists.+Assuming you are good on the time, go ahead and click the **Run** button. 
 + 
 +  * Progress updates will be seen in the gray window below including the number of domains downloaded for each list, when the list was last updated, etc. 
 +  pfBlockerNG is smart enough to check for and eliminate duplicate DNS (# Dups) entries between the lists.
  
 {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_update_run_manually.png?800|}} {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_update_run_manually.png?800|}}
pfsense/pfblockerng/add_dnsbl_feeds.1612720789.txt.gz · Last modified: 2021/02/07 17:59 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki