Differences

This shows you the differences between two versions of the page.

--- pfsense:pfblockerng:install_pfblockerng:setup_dnsbl_blocking [2021/01/28 10:44] – created peter
+++ pfsense:pfblockerng:install_pfblockerng:setup_dnsbl_blocking [2023/04/22 09:22] (current) – [Enable DNSBL] peter
@@ Line 1: / Line 1: @@
 ====== PFSense - pfBlockerNG - Install pfBlockerNG - Setup DNSBL Blocking ======
+===== Enable DNSBL =====
+Navigate to **Firewall -> pfBlockerNG -> DNSBL**.
+In **DNSBL**:
+  * Enable DNSBL:  **Checked**.
+  * Wildcard Blocking (TLD):  **Checked**.
+<WRAP warning>
+**WARNING:**  Wildcard Blocking (TLD) uses a lot of RAM.
+Do not enable this on systems with less than 8GB RAM!
+This setting enables additional processing to block ALL sub-domains for advanced blocking.
+For example, a list with sharewiz.net would also result in blog.sharewiz.net also being blocked if TLD is enabled.
+</WRAP>
+{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_tld.png?800|}}
+----
+In **DNSBL Webserver Configuration**:
+  * Virtual IP Address: **10.10.10.1**.  This is the default IP address and should be fine.  Only change if needed.  Enter an IP address that is not in your internal networks, something like 10.10.10.10.
+  * VIP Address Type: **IP Alias**.  The default.  Only change if needed.
+  * Port: **8081**. The default.  Only change if needed.
+  * SSL Port: **8443**.  The default.  Only change if needed.
+  * Webserver Interface:  **LAN**.  The default.  Only change if needed.  Select LAN or another internal interface to listen on.
+{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_webserver_configuration.png?800|}}
+----
+In **DNSBL Configuration**:
+  * Permit Firewall Rules:  **Checked**.
+<WRAP info>
+**NOTE:**
+  * If you ONLY have one LAN interface, leave this setting unchecked.
+  * If you have multiple LAN interfaces, check this setting and select each interface to protect.
+</WRAP>
+  * Scroll to the bottom of the page and click the **Save** button.
+{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_permit_firewall_rules_multiple_lans.png?800|}}
+----
+In **DNSBL Whitelist**:
+  * See [[PFSense:pfBlockerNG:DNSBL:DNSBL Whitelist|DNSBL Whitelist]].
+  * Enter the following white-list domains and modify as you like:
+  * <code>
+.play.google.com
+.drive.google.com
+.accounts.google.com
+.www.google.com
+.github.com
+.outlook.live.com
+.edge-live.outlook.office.com # CNAME for (outlook.live.com)
+.outlook.ha-live.office365.com # CNAME for (outlook.live.com)
+.outlook.ha.office365.com # CNAME for (outlook.live.com)
+.outlook.ms-acdc.office.com # CNAME for (outlook.live.com)
+.amazonaws.com
+.login.live.com
+.login.msa.akadns6.net # CNAME for (login.live.com)
+.ipv4.login.msa.akadns6.net # CNAME for (login.live.com)
+.mail.google.com
+.googlemail.l.google.com # CNAME for (mail.google.com)
+.pbs.twimg.com
+.wildcard.twimg.com # CNAME for (pbs.twimg.com)
+.sites.google.com
+.www3.l.google.com # CNAME for (sites.google.com)
+.docs.google.com
+.mobile.free.fr
+.plus.google.com
+.samsungcloudsolution.net
+.samsungelectronics.com
+.icloud.com
+.microsoft.com
+.windows.com
+.skype.com
+.googleusercontent.com
+</code>
+----
+In **DNSBL IPs**:
+  * List Action: **Deny Both**.
+  * Enable Logging: **Enable**.
+{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_dnsbl_ips.png?800|}}
+Scroll to the bottom of the page and click the **Save** button.
+{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_save.png?800|}}
+----
+===== Setup DNSBL EasyLists =====
+Navigate to **Firewall -> pfBlockerNG -> Feeds**.
+Scroll down to the **DNSBL Category** section.
+Select the **Easylist** by clicking on the **+** key towards the left side.
+{{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_easylist.png?800|}}
+<WRAP info>
+**NOTE:**  See:  [[PFSense:pfBlockerNG:Add DNSBL Feeds|Add DNSBL Feeds]].
+</WRAP>
+----
+Set EasyList Feeds to:
+  * State: **ON**
+  * Action: **Unbound**
+  * Update Frequency: **Once per day**
+{{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_easylist_feeds.png?800|}}
+Scroll to the bottom of the page and click the **Save** button.
+{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_save.png?800|}}
+----
+===== Setup Custom DNSBL Lists =====
+See [[PFSense:pfBlockerNG:pfBlockerNG DNSBL Lists|pfBlockerNG DNSBL Lists]].
+Navigate to **Firewall -> pfBlockerNG -> DNSBL -> DNSBL Groups**.
+Click the **Add** button.
+Give it a **Name** and **Description**.
+Add in as many **DNSBL Source Definitions** as needed.
+Set:
+  * State: **ON**
+  * Action: **Unbound**
+  * Update Frequency: **Once per day**
+For Example:
+{{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_pi_hole.png?800|}}
+----
+Return to [[PFSense:pfBlockerNG:Install pfBlockerNG|Install pfBlockerNG]] or continue to [[PFSense:pfBlockerNG:Install pfBlockerNG:Update Blocking Lists|Update Blocking Lists]].
+----