I created a test version of an RPZ add-on and I am looking for feedback

:thinking:
Do I understand correctly that the wife is an ‘untrusted’ user? :smiley: :smiley: :smiley:

That’s a little joke. :wink:

2 Likes

What else?
:grinning: :grinning: :grinning: :grinning: :grinning:

1 Like

Thanks to the ingenious display of siosios now I have a question: Despite the correct URL, I don’t get any entries from urlhaus_abuse.
My URL looks like → https://urlhaus.abuse.ch/downloads/rpz

Maybe either the URLs are included in other RPZs or your devices don’t ask for these URLs.

2 Likes

URLhaus RPZ is ~400 entries. So if all is entered correctly it means you are only visiting good sites and no evil sites!

you can always test one of the sites in the URLhaus by doing a simple:

ping evilURL

and watching the message log:

tail -n100 -f /var/log/messages | grep --color rpz

-n100 grabs the previous 100 message log entries

or by entering:

rpz-metrics

I ran URLhaus RPZ for a while and I only had 7 entries total.

1 Like

Added the lists from the wiki that I didn’t already have, so
it was just a matter of time and URL accessibility.

jpgpi250 0 enabled 3903 0 % 2025-01-15
threatfox 0 enabled 17789 0 % 2025-01-15
urlhaus_abuse 0 enabled 416 0 % 2025-01-15

I tried the test entry (first entry in urlhaus_abuse), RPZ blocks as [URLhaus].
With abissnet.net [Multi] from hagezi blocks.

1 Like

Good work! :+1:
This seems like a nice add-on for making the Internet safer for the users. How close is it to being approved by the IPFire Developers, so we can install it via the Pakfire web interface?

3 Likes

Yes, it would be great if the component is installed via Pakfire.
Another thing that would be interesting: a page where the most relevant sources are listed.

2 Likes

In the wiki here www.ipfire.org - Response Policy Zones (RPZ) there is a “Recommended RPZ lists”

3 Likes

Thanks, I hadn’t seen them

1 Like

FYI… I have just upgraded to IPF Update 191 and the RPZ add-on continues to work A1-OK.

Kudos to @jon and others that contributed.

4 Likes

I didn’t doubt about that. The addon uses standard functionalities of unbound. I do not fear, these are limited by a new version. It is expectable, that the implementation is enhanced. IMO, security by DNS filtering in the gateway has future potential.
The addon itself is implemented following the steps for IPFire addons. Thx, @jon.

6 Likes

Hello,
I found a problem with the RPZ component.
It was installed and fully functional, with some lists among those present (3 in total) on the link GitHub - hagezi/dns-blocklists: DNS-Blocklists: For a better internet - keep the internet clean!
I wanted to add a new list,
but when I activated the added list I found that the CPU went to 100% and the firewall restarted.
Once restarted, I thought it was my mistake and deleted the added list. When I go to activate the configuration that was in use until a moment before, the system gives me the error
“RPZ Error: reloading of unassociated control failed”
or deleted all the lists, but even with the empty list the situation does not change.

Using deepl the error translates to

unassociated control reloading failed

Please post what you entered. I’ll try to recreate. I will need the NAME, URL and REMARK.

you have the lists
https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/gambling.txt
https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/tif.txt
https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/pro.plus.txt
https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/popupads.txt

The guess off the top of my head is the script doesn’t like the /-/ in the URL. As an experiment, can you try this link:

https://raw.githubusercontent.com/hagezi/dns-blocklists/main/rpz/gambling.txt

I’ll keep looking


EDIT:

This is a better list to try. It is nice and small.

https://raw.githubusercontent.com/hagezi/dns-blocklists/main/rpz/popupads.txt


As a side note: Three of these four lists are HUGE in size:

gambling.txt = 1,009,158
tif.txt = 1,413,414
pro.plus.txt = 591,148
popupads.txt = 173,266

This info comes from the RPZ file when I click on the Hagezi links provided:

; Number of entries: 1009158

So I am worried you may have run out of memory. I recommend not going over 500,000. See:


EDIT2:
Roberto may have experienced the same issue:


EDIT3: Forgot to mention I added all four lists and all is working OK for me. But I have 4GB of Memory.

How much total memory do you have installed on your IPFire device?

1 Like
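A size pre-check along the lines of the post above, as an added example that is not part of the thread or of the RPZ add-on. The function names and the choice to apply the 500,000 figure to the combined total are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example: estimate RPZ list sizes before enabling them in the add-on.
LIMIT=500000   # ceiling recommended in the thread; applying it to the total is an assumption

# rpz_entries FILE: print the entry count of one RPZ zone file. Prefers the
# "; Number of entries: N" header comment; otherwise counts CNAME records.
rpz_entries() {
    awk '
        /^;[ \t]*Number of entries:/ && !hdr { sub(/^.*:[ \t]*/, ""); hdr = $0 + 0; next }
        /^[ \t]*;/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        toupper($0) ~ /[ \t]CNAME[ \t]/ { recs++ }  # one policy record per line
        END { print (hdr ? hdr : recs + 0) }
    ' "$1"
}

# rpz_total FILE...: print the combined entry count of all given lists.
rpz_total() {
    total=0
    for f in "$@"; do
        total=$((total + $(rpz_entries "$f")))
    done
    echo "$total"
}

# rpz_check FILE...: print a verdict; return 1 when the total exceeds LIMIT.
rpz_check() {
    t=$(rpz_total "$@")
    if [ "$t" -gt "$LIMIT" ]; then
        echo "WARN: $t entries, above $LIMIT"
        return 1
    fi
    echo "OK: $t entries"
}

# Constructed sample files (not real list contents), so this runs offline.
SAMPLES=$(mktemp -d)
printf '%s\n' '; Title: sample big list' '; Number of entries: 1009158' \
    '$TTL 300' 'bad.example CNAME .' > "$SAMPLES/big.rpz"
printf '%s\n' '; no size header here' 'a.example CNAME .' \
    '*.a.example CNAME .' 'b.example CNAME .' > "$SAMPLES/small.rpz"

rpz_check "$SAMPLES/small.rpz" || true
rpz_check "$SAMPLES/small.rpz" "$SAMPLES/big.rpz" || true
```

Run it against downloaded copies of the lists before adding their URLs, so an oversized combination is caught before unbound tries to load it.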

Hi, where would I find the rpz.cgi file in the directory structure? Thank you!

I figured it out - #srv/web/ipfire/cgi-bin Works nicely by the way!

1 Like

The error message is error 109 of rpz-config (or rpz-functions).
It is generated if unbound-control reload doesn’t succeed.
More information may be available if unbound-control reload or rpz-config reload is started from a command line.
I also suppose it is a memory problem.