Blocked-hosts problem

tester
Posts: 1
Joined: Sun Jul 10, 2016 11:11 am

Blocked-hosts problem

Post by tester » Sun Jul 10, 2016 11:47 am

Hi,

I have managed to add domains and IPs to the blocked-hosts group; they appear in /private/etc/murus/murus.blacklist
However, pf fails to start. When running "Test current Murus configuration" I get a "Found an error in your PF configuration, in file /etc/murus/murus.blacklist at row 2" message. I did some trial and error tests narrowing the domains and IPs on the list and managed to figure out that each entry seems to be checked according to some criteria. Adding some domains (e.g. 04stream.com) breaks the configuration, while others (e.g. google.com) do not. What is more, some domains like x-x-x.com work fine while xx-xx-xx.com breaks the configuration. Also, wildcard domains (e.g. *.google.com) seem to break the config - is there any way of including them?

What are the rules / criteria for checking the domains / IPs in the blocked-hosts group? I would like to import a few hundred, so it is crucial for me to know how to prepare the list.

Best wishes,

Adam

hany
Posts: 479
Joined: Wed Dec 10, 2014 5:20 pm

Re: Blocked-hosts problem

Post by hany » Mon Jul 11, 2016 12:10 pm

Hello,

Murus groups (including the hardcoded blocked-hosts group) are lists of IP addresses. You can also use hostnames provided that your system is able to resolve them, as PF does not support hostnames, only IP addresses, as you can see in runtime PF rules.
Wildcards cannot be used, they are not supported by PF.
There is only one simple rule: you must put valid hostnames. A valid hostname is a hostname you can resolve to a valid IPv4 or IPv6 address.
"04stream.com" does not resolve to any IP. "www.04stream.com" does.
"x-x-x.com" does resolve to a valid IP, "xx-xx-xx.com" does not.
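Since every entry is ultimately an IP address to PF, a list of a few hundred hosts is easiest to import if it is checked first with the same criteria the answer gives: literal IPv4/IPv6 addresses are fine, a hostname is only fine if it resolves right now, and wildcards can never work. The script below is an added example and is not Murus code; it assumes (the thread does not say) that murus.blacklist holds one entry per line with `#` starting a comment, and it ships with a constructed offline resolver so it runs without DNS. Swap in `system_resolver` to check a real list.

```python
"""Pre-check a Murus/PF blocked-hosts list before PF tries to load it.

Added example, not part of Murus. Assumed file format (not stated in
the thread): one entry per line, '#' begins a comment.
"""
import ipaddress
import re
import socket
from typing import Callable, Dict, List, Tuple

# Hostname syntax (RFC 1123 style): labels of letters, digits and
# hyphens, no leading/trailing hyphen, joined by dots. Syntactically
# valid names such as xx-xx-xx.com can still fail to resolve.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}$")

Resolver = Callable[[str], List[str]]
Report = Dict[str, Tuple[str, List[str]]]


def system_resolver(host: str) -> List[str]:
    """Resolve with the OS resolver; empty list if no A/AAAA record."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


# Constructed, offline stand-in for DNS so the example is deterministic.
OFFLINE_DNS: Dict[str, List[str]] = {"www.example.net": ["203.0.113.5"]}


def offline_resolver(host: str) -> List[str]:
    return OFFLINE_DNS.get(host.lower(), [])


# Constructed sample list in the assumed murus.blacklist layout.
SAMPLE_BLACKLIST = """\
# blocked hosts: one entry per line
192.0.2.10
2001:db8::1
www.example.net
*.example.org
broken-host.invalid
"""


def classify_entry(entry: str, resolver: Resolver = system_resolver) -> Tuple[str, List[str]]:
    """Classify one entry the way PF will see it.

    Status is 'ip' (literal address, usable as-is), 'resolved' (hostname
    with addresses), 'wildcard' (PF has no wildcards), 'bad-syntax', or
    'unresolvable' (well-formed name with no address).
    """
    if "*" in entry:
        return "wildcard", []
    try:
        return "ip", [str(ipaddress.ip_address(entry))]
    except ValueError:
        pass
    if not _HOSTNAME_RE.match(entry):
        return "bad-syntax", []
    addrs = resolver(entry)
    return ("resolved", addrs) if addrs else ("unresolvable", [])


def check_blacklist(text: str, resolver: Resolver = system_resolver) -> Report:
    """Classify every non-comment, non-blank entry of a list file."""
    report: Report = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            report[line] = classify_entry(line, resolver)
    return report


def problem_entries(report: Report) -> List[str]:
    """Entries that would make PF reject the whole file."""
    return [e for e, (status, _) in report.items() if status not in ("ip", "resolved")]


def pf_addresses(report: Report) -> List[str]:
    """The address list PF actually ends up with, deduplicated, in file order."""
    out: List[str] = []
    for _, addrs in report.values():
        out.extend(addrs)
    return list(dict.fromkeys(out))


if __name__ == "__main__":
    rep = check_blacklist(SAMPLE_BLACKLIST, resolver=offline_resolver)
    for entry, (status, addrs) in rep.items():
        print(f"{entry:24} {status:12} {' '.join(addrs)}")
    print("entries PF would reject:", problem_entries(rep))
```

Because a hostname entry is only as good as the resolution performed when the rules are loaded, it is worth re-running the check whenever the configuration is reloaded or the list is edited, and keeping the resolved addresses rather than the names if the list must load without DNS.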
