From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4fchk04Fdgz335T for ; Fri, 20 Mar 2026 12:30:48 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1 raw public key) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4fchjx2FKMz2xQT for ; Fri, 20 Mar 2026 12:30:45 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4fchjw1d7qz5hN for ; Fri, 20 Mar 2026 12:30:44 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1774009844; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eoYnTpUYsx8xvhkkgD9ceo8JG0ir9CqHFTOQJkBJHRc=; b=BHySSXagsZP04OKcRePiaRjFPvPIDGM8PVBbit+ttVwJbbiwk+W2CpIlR0C4iBwZf60Nox Fah10DqkR7dci6Cg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1774009844; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eoYnTpUYsx8xvhkkgD9ceo8JG0ir9CqHFTOQJkBJHRc=; b=p7iWL21auLZxYQX/gKnOdzrNp6kUB8TtKhutUR8TfpwV94tzT+iClI780r6fdpQrPfb6uu mZuO1NUmYiEFY1ZHiv1lMcWOmBKDGVKezZtzXAnSF4OPafVFRHMN4blaMan2JC9b1vGm2Q RFlkDrf7aKM90SNYNqS3k+NzH06oahQA1pItcVkdRf/HGZtq0QusdhtTwRqabb7/fnER0D FeaHXZTo4KZhUYmCnJwrIVYoKWk6w8cHVW641NVWQU789VWZuInIyEgpMpSq8dqdw19bVl JUxYdLLpJsf17t1niaFlg/h8pshjfcRqVnf/SBgRkRusH0B4dQy6rdG/foMLxg== Message-ID: Date: Fri, 20 Mar 2026 13:30:35 +0100 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Content-Language: en-GB To: "IPFire: Development-List" From: Adolf Belka Subject: Feedback on issues with DNSFW in CU201 Testing Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi All, I am having issues with getting DNSFW to work properly, it fails in many conditions to block things from the list. The dbl list works fine for me in the URL Filter for both CU200 and CU201 Testing. For my testing I created a new install of CU201 Testing and just went straight to DNSFW and enabled the Gambling and Pornography categories and Saved. Then selected the Green network for both categories using the pencil edit option. In this setup I had no Web Proxy enabled. I then cleared the browser cache and set the Browser to No Proxy. I then tested out nl.onecasino.com and www.xnxx.com in Firefox and in Netsurf The gambling site was blocked and gave the message Unable to connect Firefox can’t establish a connection to the server at nl.onecasino.com. For the porn site it was not blocked but opened up. I tried with two other gambling and porn sites. All three gambling sites were blocked. All three porn sites were allowed through. In the DND: Unbound System Logs I found 12:52:26 unbound: [1820:0] info: rpz: applied [gambling.rpz.ipfire.org] *.postcodeloterij.nl. rpz-nxdomain 192.168.200.11@44247 www.postcodeloterij.nl. A IN 12:52:26 unbound: [1820:0] info: rpz: applied [gambling.rpz.ipfire.org] *.postcodeloterij.nl. rpz-nxdomain 192.168.200.11@44356 www.postcodeloterij.nl. HTTPS IN 12:51:32 unbound: [1820:0] info: rpz: applied [gambling.rpz.ipfire.org] *.onecasino.com. rpz-nxdomain 192.168.200.11@55955 nl.onecasino.com. A IN 12:51:32 unbound: [1820:0] info: rpz: applied [gambling.rpz.ipfire.org] *.onecasino.com. rpz-nxdomain 192.168.200.11@49136 nl.onecasino.com. HTTPS IN 12:50:41 unbound: [1820:0] info: rpz: applied [gambling.rpz.ipfire.org] *.hollandcasino.nl. rpz-nxdomain 192.168.200.11@47229 welkom.hollandcasino.nl. A IN 12:50:41 unbound: [1820:0] info: rpz: applied [gambling.rpz.ipfire.org] *.hollandcasino.nl. rpz-nxdomain 192.168.200.11@43346 welkom.hollandcasino.nl. HTTPS IN So the blocked gambling sites were in the logs but not any of the pornography sites had tested. Then tried the browser with the Network Settings set to Use system proxy settings and the same result occurred. I then turned on the Web Proxy with conventional connection on port 800. Saved and restarted and then Cleared the web proxy cache. Then I cleared the browser cache and set the Network Settings to Manual proxy configuration with the IP of my IPFire system being tested. I then tested the same three gambling URL's and Porn URL's. All of the sites were opened up. In the DNS: Unbound system log there were no new entries. In the Proxy Logs there were entries for the gambling and porn sites. I have also tested the browser out using the web proxy with the Automatic proxy configuration URL accessing the wpad file via dhcp and that also had the same results as using the Manual proxy configuration option. I have repeated a lot of my tests multiple times, also with repeated new installs and for me, as long as I ensured I had cleared the web proxy and browser caches, always came up with the same results as I have described above. It would be good to know if any of you also experience the same effect or if it works without problems for yourselves. Regards, Adolf.