How do I find out what is blocked by DNS Firewall

I just upgraded to Core Update 201 and activated DNS Firewall including the advertising list. Almost immediately, I ran into the problem that my epaper of Neue Zürcher Zeitung did not load anymore. I found a tip elsewhere to whitelist some domains. After I did that, the epaper worked again on my Firefox, but the epaper app on my tablet still did not work. When the advertising blocklist is disabled, everything works fine, but when it is enabled the app does not work. So obviously there are one or more domains the app needs for running. But which? Of course I could find out whether a certain domain is blocked by using nslookup or so, but the problem is that I have no idea what this/those domains could be. The logs do not help me; I found nothing helpful.

Is there a log option I could activate or so? Ideally, I could activate the blocklist and logging, load my app and would immediately see what was blocked.

MODERATOR EDIT:
I just removed the 28 threads that were linked into this post. Hopefully it was just a copy and paste error.

Thanks for the edit. Indeed, this was an error.

The action of the DNS FW is documented in the system logs.
tail -f /var/log/messages | grep unbound from a shell gives you the information.
Alternatively you can use the WUI, page Logs -> System Logs, chapter DNS: unbound.
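
An added example, not part of the original posts and not IPFire's own code: instead of reading the live tail, this counts the firewall hits per client, zone and query name, so the domains an app needs stand out. The log line layout, the function names and the sample lines (hosts, zone name, domains) are assumptions and constructed values.

```shell
#!/bin/sh
# Count DNS Firewall (RPZ) hits per client, zone and query name.
# ASSUMED line layout (not shown on the page), tokens separated by spaces:
#   <syslog prefix> unbound: [..] info: rpz: applied [zone] ... client@port qname. TYPE IN
summarise_rpz_blocks() {
    awk '
    /unbound/ && /rpz: applied/ {
        zone = "?"; client = "?"; qname = "?"
        for (i = 1; i < NF; i++) {
            # Zone name: the bracketed token directly after "applied".
            if ($i == "applied" && $(i + 1) ~ /^\[.*\]$/)
                zone = substr($(i + 1), 2, length($(i + 1)) - 2)
            # Client: an address@port token; the query name follows it.
            if ($i ~ /^[0-9a-fA-F.:]+@[0-9]+$/) {
                client = $i; sub(/@[0-9]+$/, "", client)
                qname = $(i + 1); sub(/\.$/, "", qname)
            }
        }
        count[client " " zone " " qname]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Constructed sample lines (hypothetical hosts, zone name and domains).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 ipfire unbound: [2101:0] info: rpz: applied [ads-placeholder] tracker.example.net. qname nxdomain 192.168.0.20@40112 tracker.example.net. A IN
Mar  3 10:15:01 ipfire unbound: [2101:0] info: rpz: applied [ads-placeholder] tracker.example.net. qname nxdomain 192.168.0.20@40113 tracker.example.net. AAAA IN
Mar  3 10:15:02 ipfire unbound: [2101:0] info: generate keytag query _ta-4f66. NULL IN
Mar  3 10:15:03 ipfire dhcpd: DHCPACK on 192.168.0.20
Mar  3 10:15:04 ipfire unbound: [2101:0] info: rpz: applied [ads-placeholder] cdn.example.org. qname nxdomain 192.168.0.20@40200 cdn.example.org. A IN
Mar  3 10:15:05 ipfire unbound: [2101:0] info: rpz: applied [ads-placeholder] tracker.example.net. qname nxdomain 192.168.0.31@51000 tracker.example.net. A IN
EOF
}

# On the firewall itself: grep unbound /var/log/messages | summarise_rpz_blocks
sample_log | summarise_rpz_blocks
```

Start the app right after enabling the blocklist, then run the summary; names that appear only for the tablet's address are the whitelist candidates.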

Thanks. I’ll try that asap.

Thanks Bernhard. I found it and the logs seem to be helpful. Detailed investigation has to wait until I have more time, but it looks exactly like what I need.

Many Thanks

I tried testing the porn filter with two URLs: pornhub.com and playboy.com. Neither was blocked. Then I added those URLs to the custom blocklist on the DNS Firewall page and they were then blocked from access. Is this normal? Did I just need to wait longer for the blocks to take effect?

No, it should just work.

I just selected and saved the pornography category in the DNS Firewall. Then I tried to access those two domains and both were blocked.

Then I unselected and saved and tried again and now both domains could be accessed.

I suspect that your client has the web proxy selected in its settings and that you pressed the pencil icon for the pornography category and selected say the Green Network.

If you did that then the DNS Firewall only blocks traffic coming directly from the Green Network. If you are using the web proxy then your traffic to the DNS will be coming from IPFire and not the Green network and will be passed on.

If you selected one or more of the Network Zones with the pencil icon then go back in and deselect all the selected network zones (use the Ctrl key if multiple are to be deselected).

Then Update and clear your browser caches and the cache in the web proxy and then try again.

BTW: Neither pornhub.com nor playboy.com are in the porn block list.

Incorrect @bbitsch

Run
grep pornhub.com /var/cache/unbound/porn.rpz.ipfire.org.zone
and
grep playboy.com /var/cache/unbound/porn.rpz.ipfire.org.zone
and you will get a list of the matches.

If you search with only pornhub and playboy you will get an even bigger list as there are many pornhub sites that don’t end with .com

Thanks, @bonnietwin. I will check it out this evening.

Ok, didn’t grep. Just looked into the file. Maybe not deep enough. :wink:
There is exactly one entry for *.pornhub.com, but many localized domains.

You can also check if a domain is in a blocklist or not by going to the IPFire DBL web site and then putting the domain in question into the searchbar and it will show you which category(ies) the domain is caught in.