Whitelist not working
Closed this issue · 5 comments
Steps
- Fill /opt/ioc2rpz/cfg/whitelist1.txt with "yellowcabnc.com"
- Add the whitelist to an RPZ with an IOC source that blocks "yellowcabnc.com"
- Publish configuration
- Export BIND configuration
- Update your BIND 9 server
- Use dig, or connect to BIND 9 from your PC and make an HTTP request to "yellowcabnc.com". The site is down with an NXDOMAIN response
How can I make the whitelist allow me to make an HTTP request to "yellowcabnc.com"?
Am I right that:
- Your IoC source contains "yellowcabnc.com"
- Your whitelist contains "yellowcabnc.com"
- You "checked/enabled" the whitelist in the RPZ configuration?
Please provide from your ioc2rpz.conf file the following lines:
- source
- whitelist
- rpz
Depending on the results I may move it from ioc2rpz.gui to ioc2rpz
Yes, I am using a source with this link: https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt and it contains "yellowcabnc.com"
My whitelist contains "yellowcabnc.com"
Also, my RPZ configuration has the whitelist checked.
Finally, this is my ioc2rpz.conf config:
% whitelist record: name, path, regex
{whitelist,{"whitelist_1","file:/opt/ioc2rpz/cfg/whitelist1.txt",none}}.
% source record: name, axfr_path, ixfr_path, regex
{source,{"dns-bh","http://mirror1.malwaredomains.com/files/spywaredomains.zones","[:AXFR:]","^zone \"([A-Za-z0-9\-\._]+)\".*$"}}.
{source,{"notracking_hosts","https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt","[:AXFR:]","^0\.0\.0\.0 ([A-Za-z0-9\._\-]+[A-Za-z])$"}}.
{source,{"notracking_domains","https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt","[:AXFR:]","^address=\/([A-Za-z0-9\._\-]+[A-Za-z])\/0\.0\.0\.0$"}}.
{source,{"conficker","https://data.netlab.360.com/feeds/dga/conficker.txt","[:AXFR:]","^(?!host)(?!ip)\"?\'?([A-Za-z0-9][A-Za-z0-9\-\._]+)[^A-Za-z0-9\-\._]*.*$"}}.
% rpz record: name, SOA refresh, SOA update retry, SOA expiration, SOA NXDomain TTL, Cache, Wildcards, Action, [tkeys], ioc_type, AXFR_time, IXFR_time, [sources], [notify], [whitelists]
{rpz,{"dns-bh.ioc2rpz",86400,3600,2592000,7200,"true","true","nxdomain",["tkey_1"],"mixed",604800,86400,["dns-bh"],["127.0.0.1"],["whitelist_1"]}}.
{rpz,{"notracking.ioc2rpz",86400,3600,2592000,7200,"true","true","nxdomain",["tkey_1"],"mixed",604800,86400,["notracking_hosts","notracking_domains"],[],["whitelist_1"]}}.
{rpz,{"conficker.ioc2rpz",86400,3600,2592000,7200,"true","true","nxdomain",["tkey_1"],"mixed",604800,86400,["conficker"],[],["whitelist_1"]}}.
Thanks for reporting!
I've fixed the bug in the "dev" branch.
I'll need to make a few tests before moving it to the "master" branch.
Thank you. ioc2rpz is a big tool and I love it.
Thanks! I've pushed the patch to the master branch.
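A check for the symptom reported in this thread, as an added example that is not part of the original issue or of ioc2rpz: it scans zone-transfer output for an RPZ and reports policy records whose trigger is a whitelisted name. The AXFR sample is constructed, and the whitelist file format (one name per line, `#` comments) and exact-name matching are assumptions.

```python
ZONE = "notracking.ioc2rpz"  # RPZ name taken from the config posted above

# Constructed sample of `dig AXFR`-style output for the zone (not real data).
# With Wildcards "true", each name is assumed to appear bare and as "*.name".
SAMPLE_AXFR = """\
notracking.ioc2rpz. 7200 IN SOA ns1.example. admin.example. 1 86400 3600 2592000 7200
yellowcabnc.com.notracking.ioc2rpz. 7200 IN CNAME .
*.yellowcabnc.com.notracking.ioc2rpz. 7200 IN CNAME .
tracker.example.notracking.ioc2rpz. 7200 IN CNAME .
*.tracker.example.notracking.ioc2rpz. 7200 IN CNAME .
"""

def read_whitelist(text):
    """One name per line; blank lines and '#' comments skipped (assumed format)."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(".").lower()
        if line:
            names.add(line)
    return names

def rpz_triggers(axfr_text, zone):
    """Yield (trigger_name, is_wildcard) for each CNAME policy record in the zone."""
    suffix = "." + zone.lower() + "."
    for line in axfr_text.splitlines():
        fields = line.split()
        # Expected layout: owner TTL class type rdata
        if len(fields) < 5 or fields[3].upper() != "CNAME":
            continue
        owner = fields[0].lower()
        if not owner.endswith(suffix):
            continue
        name = owner[: -len(suffix)]
        wildcard = name.startswith("*.")
        yield (name[2:] if wildcard else name), wildcard

def whitelist_leaks(axfr_text, zone, whitelist):
    """Return sorted policy records whose trigger is a whitelisted name."""
    leaks = []
    for name, wildcard in rpz_triggers(axfr_text, zone):
        if name in whitelist:
            leaks.append(("*." if wildcard else "") + name)
    return sorted(leaks)

if __name__ == "__main__":
    wl = read_whitelist("yellowcabnc.com\n")
    for record in whitelist_leaks(SAMPLE_AXFR, ZONE, wl):
        print("whitelisted name still in RPZ:", record)
```

An empty result for every RPZ that lists the whitelist is the expected state after the fix; any record returned means the whitelisted name is still being rewritten to NXDOMAIN.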