pfsense:pfblockerng:whitelisting

Differences

This shows you the differences between two versions of the page.

pfsense:pfblockerng:whitelisting [2021/02/07 18:16] peterpfsense:pfblockerng:whitelisting [2021/02/07 18:32] (current) – [Whitelist a specific domain that is blocked] peter
Line 18: Line 18:
 {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_whitelist.png?800|}} {{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_whitelist.png?800|}}
  
-When clicking the **+** you will then receive a prompt about whether you want to perform a wildcard whitelist or just a whitelist.+<WRAP info> 
 +**NOTE:**  When clicking the **+** you will then receive a prompt about whether you want to perform a wildcard whitelist or just a whitelist.
  
 Read the explanation, but typically use whitelist because it is more exact and less prone to letting something past. Read the explanation, but typically use whitelist because it is more exact and less prone to letting something past.
 +
 +If the domain that is being whitelisted has a CNAME records, pfBlockerNG is smart enough to add these too.
  
 <WRAP tip> <WRAP tip>
-Adding a description so you know what was broken and/or why you fixed it, i.e. today it makes perfect sense, but it might not 6 months from now.+**TIP**: Adding a description so you know what was broken and/or why you fixed it. 
 + 
 +It might make sense today of why this was whitelisted, but it might not 6 months from now.
 </WRAP> </WRAP>
  
 +</WRAP>
  
-If you go back to the main DNSBL tab and expand the DNSBL Whitelist section toward the bottom, you should now see the domain you whitelisted.+----
  
-You might also notice that if the domain you are whitelisting has CNAME records, pfBlockerNG is smart enough to add those too.+===== Check what domains are whitelisted =====
  
 +Navigate to **Firewall -> pfBlockerNG -> DNSBL**.
  
-Simply type each domain in on a separate line and then click **Save** if you know which domains to whitelist.  If you want the whitelist additions/changes to occur sooner rather than later, you will also need to go back to the **Update** tab and click **Run**.  If you don’t want to do the trial and error on your own see some whitelist recommendations below.+  Expand the **DNSBL Whitelist** section toward the bottom.
  
-It's also worth mentioning that if a system already resolved the domain name on your system and it is previously resolved to 10.10.10.1, then you may need to clear your local DNS cache, your browser cache, or both.  To clear your machine’s cache, from a command line on Windows, type in **ipconfig /flushdns** and that should take care of it.  You can run a similar command on a Linux system, although the commands can vary from one installation to the next.  More often than not, simply restarting your network interface will work; on most distributions, **service networking restart** or **systemctl restart network** should take care of it for you.  Each browser has a slightly different way to clear the cache, however, all of them allow you to pull a new version of the website if you hold down **Shift** while clicking on the refresh/reload button.+----
  
-If ads are not getting blocked and the ping commands above don’t return the virtual IP address, it’s also possible your local machine is not using pfSense for its DNS settings. If you are using Windows, check your network settings and make sure it is set to your pfSense IP address. On Linux/*nix, check your /etc/resolv.conf or even Network Manager (if using a GUI).  If you are not using pfSense for your DHCP server, you may need to do some digging.+===== Add manual entries to the Whitelist =====
  
-Browsers can also get in the way especially with the advent of DNS over HTTPS.  If you find your ping tests work, but your browser doesn’t, then that is most likely your issue Although somewhat uncommonsome anti-virus packages and endpoint protection can mess with your DNS settings too Furthermore, those changes may not necessarily be reflected in your operating system’s DNS settings.  For exampleAvast Premier has a Secure DNS feature that will force your browser to use Avast specified DNS servers in an effort to prevent DNS hijacking.  If you find that other devices on your network are blocking ads and one particular device doesn’t, then your anti-virus or endpoint protection very well may be the culprit.  When all else fails, you can always fire up Wireshark for a packet capture to ensure your system is querying the DNS server(s) you specify.+Navigate to **Firewall -> pfBlockerNG -> DNSBL**. 
 + 
 +  * Expand the **DNSBL Whitelist** section toward the bottom. 
 + 
 +<WRAP info> 
 + 
 +**NOTE:**  Simply type each domain in on a separate line and then click **Save**. 
 + 
 +Regex entries are not supported. 
 + 
 +To whitelist all subdomainsprefex the line with a dot. 
 + 
 +In order for the whitelist changes to be picked up by pfBlockerNG, an update needs to be run. 
 + 
 +  * Either wait for the next automated update run to happen; or 
 +  * Navigate to **Firewall -> pfBlockerNG -> Update** and click **Run**. 
 + 
 +It is recommended to clear your local DNS cache, your browser cache, or both. 
 + 
 +</WRAP>
  
 ---- ----
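Review bot: In the new "Add manual entries to the Whitelist" note, the added line about whitelisting all subdomains misspells "prefix" as "prefex" and introduces the dot-prefix wildcard without repeating the earlier advice to prefer a plain whitelist because it is "more exact and less prone to letting something past"; suggest fixing the spelling and adding one sentence pointing back to that advice so wildcard entries are used only when needed. In "Check what domains are whitelisted", the added "Expand the **DNSBL Whitelist** section toward the bottom." is indented by two spaces with no `*`, unlike the same step in the next section, so DokuWiki will render it as a preformatted block instead of a list item. "has a CNAME records" should read "has CNAME records". The removed troubleshooting paragraphs (the **ipconfig /flushdns** command, checking that the client actually uses pfSense for DNS, and browsers using DNS over HTTPS) are reduced to the single line "It is recommended to clear your local DNS cache, your browser cache, or both."; consider keeping at least the flush command and the DNS over HTTPS point, since the old text named that as the most likely cause when ping tests work but the browser does not.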
pfsense/pfblockerng/whitelisting.1612721797.txt.gz · Last modified: 2021/02/07 18:16 by peter
