Changes between Version 1 and Version 2 of noc2018/agenda/PfsensepfBlockerNG


Timestamp: Dec 6, 2018, 12:35:13 AM
Author: admin
Comment: --

  • noc2018/agenda/PfsensepfBlockerNG

    v1 v2  
    44Blocking countries and IP ranges, DNS lists is easy with pfBlocker.
    55
     6
    67To Install go to Package Manager and search and install pfBlocker-NG. This will take some time to install
    78
    8 Once Installed goto Firewall > pfBlockerNG for settings.
     9'''Before going further go to ntopng settings and disable it otherwise your pfSense will get stuck due to low memory'''
     10
     11Once pfBlocker-NG is installed, goto Firewall > pfBlockerNG for settings.
    912
    1013On pfBlockerNG settings, General Page, tick '''Enable''' and Save.
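Review bot: the new warning on line 9 is the only step in this hunk without a navigation path; the neighbouring steps give "Package Manager" and "Firewall > pfBlockerNG", so the ntopng step should likewise say where the setting is found and what "disable" means there (stop the service or uncheck enable), since a reader hitting the low-memory condition it describes will not be able to look it up in a stuck GUI. The re-added line 11 also keeps the "goto" of the removed line 8; "go to" matches line 7 and line 13.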
     
    2629
    2730- All devices in the network should resolve DNS from pfsense. You have to block accessing public DNS resolvers by your clients. eg: write a block rule on DNS ports for outgoing traffic from your LAN.
    28 - Need to maintain updated DNS list of unwanted domains.
     31- Need to maintain an updated DNS list of unwanted domains.
    2932
    3033To accomplish the second point above we will associate some publicly available community maintained dns block lists based on content category.
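Review bot: only the article on line 31 was fixed here, but the same lines carry "pfsense" (line 30) where the rest of the page writes "pfSense", "eg:" for "e.g.", and "dns" on line 33 where lines 30 and 31 use "DNS"; worth correcting in the same pass. The block rule described on line 30 should also be stated as LAN-clients-only, so that pfSense's own resolver, which the first point requires every device to use, is not caught by it.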
     
    3437- https://github.com/StevenBlack/hosts
    3538
     39on pfBlockerNG, go to DNSBL tab and tick '''enable DNSBL'''
     40
     41When blocking is enabled all matched domains will be redirected to a IP address known as '''DNSBL Virtual IP''' and it will reply with a plain pixel. Therefore, you have to configure an IP address that is not used in your LAN segment. For the lab purposes change '''DNSBL Virtual IP''' to 192.168.254.254 as we do not use that IP in our network.
     42
     43Then Define a List action from '''DNSBL IP Firewall Rule Settings''', ideally, Deny Outbound and click save.
     44
     45Next, Go to '''DNSBL Feeds'''
     46
     47Click Add.
     48
     49- DNS GROUP Name:  PRON_Sites
     50- Description: BLock Porn sites
     51- DNSBL:
     52   - Format: Auto
     53   - State: ON
     54   - Source: https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list
     55   - Header: list1 and click Add
     56- on the second line use url: https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list  with Header: List2 and Add
     57- List Action: Unbound
     58- Update Frequency: Once a day
     59- Save
     60
     61Now go to Update and run it. Wait till you see `UPDATE PROCESS ENDED`
     62
     63Then go to your GUI vm and do `nslookup 121sexcam.com` which is a blocked domain. You may also try this on web browser as well.
     64
     65You can also try defining custom feed lists as well.
    3666
    3767
     68
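Review bot: the two feed Sources on lines 54 and 56 point at differently named repositories under the same user ("chadmayfield/my-pihole-blocklists" versus "chadmayfield/pihole-blocklists"); one of the two is almost certainly a typo and will fail to download, so both URLs should be fetched once before the list is saved, and the `UPDATE PROCESS ENDED` check on line 61 should be paired with looking at the update log for a download error rather than only the end marker. Smaller points in the same hunk: "a IP address" on line 41 should be "an IP address", the group name "PRON_Sites" on line 49 and "BLock" on line 50 look like typos, and the lower-case "list1" header on line 55 does not match "List2" on line 56.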