Homas / ioc2rpz

ioc2rpz is a place where threat intelligence meets DNS.
Apache License 2.0

Whitelist not working #20

Closed gatsukito closed 4 years ago

gatsukito commented 4 years ago

Steps

  1. Fill /opt/ioc2rpz/cfg/whitelist1.txt with "yellowcabnc.com"
  2. Add the whitelist into the RPZ with the IoC source that blocks "yellowcabnc.com"
  3. Publish configuration
  4. Export BIND configuration
  5. Update your BIND 9 server
  6. You use dig or connect to BIND 9 from your PC and make an HTTP request to "yellowcabnc.com". The site is down with an NXDOMAIN response

How can I make the whitelist allow me to do an HTTP request to "yellowcabnc.com"?

Homas commented 4 years ago

Am I right that:

  1. Your IoC source contains "yellowcabnc.com"
  2. Your whitelist contains "yellowcabnc.com"
  3. You did "checked/enabled" the whitelist in RPZ configuration?

Please provide from your ioc2rpz.conf file the following lines:

Depending on the results I may move it from ioc2rpz.gui to ioc2rpz

gatsukito commented 4 years ago

Yes, I am using a source with this link: https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt and it contains "yellowcabnc.com"

My whitelist contains "yellowcabnc.com"

And also my RPZ configuration has checked the white list.


Finally, this is my config about ioc2rpz.conf

% whitelist record: name, path, regex
{whitelist,{"whitelist_1","file:/opt/ioc2rpz/cfg/whitelist1.txt",none}}.

% source record: name, axfr_path, ixfr_path, regex
{source,{"dns-bh","http://mirror1.malwaredomains.com/files/spywaredomains.zones","[:AXFR:]","^zone \"([A-Za-z0-9\-\._]+)\".*$"}}.
{source,{"notracking_hosts","https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt","[:AXFR:]","^0\.0\.0\.0 ([A-Za-z0-9\._\-]+[A-Za-z])$"}}.
{source,{"notracking_domains","https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt","[:AXFR:]","^address=\/([A-Za-z0-9\._\-]+[A-Za-z])\/0\.0\.0\.0$"}}.
{source,{"conficker","https://data.netlab.360.com/feeds/dga/conficker.txt","[:AXFR:]","^(?!host)(?!ip)\"?\'?([A-Za-z0-9][A-Za-z0-9\-\._]+)[^A-Za-z0-9\-\._]*.*$"}}.

% rpz record: name, SOA refresh, SOA update retry, SOA expiration, SOA NXDomain TTL, Cache, Wildcards, Action, [tkeys], ioc_type, AXFR_time, IXFR_time, [sources], [notify], [whitelists]
{rpz,{"dns-bh.ioc2rpz",86400,3600,2592000,7200,"true","true","nxdomain",["tkey_1"],"mixed",604800,86400,["dns-bh"],["127.0.0.1"],["whitelist_1"]}}.
{rpz,{"notracking.ioc2rpz",86400,3600,2592000,7200,"true","true","nxdomain",["tkey_1"],"mixed",604800,86400,["notracking_hosts","notracking_domains"],[],["whitelist_1"]}}.
{rpz,{"conficker.ioc2rpz",86400,3600,2592000,7200,"true","true","nxdomain",["tkey_1"],"mixed",604800,86400,["conficker"],[],["whitelist_1"]}}.
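The expected pipeline behind the configuration above (feed line -> source regex -> indicator -> whitelist -> RPZ record), as an added, self-contained illustration that is not ioc2rpz's own code. The two notracking regexes are copied from the posted ioc2rpz.conf with the Erlang string escaping removed; the feed lines are constructed, and the whitelist semantics (an entry also covers its subdomains) are an assumption, not something the issue states. The point of the example is the check a reporter of this bug would want to make: a name that is both in a source and in the enabled whitelist should never reach the zone.

```python
import re

# Regexes copied from the ioc2rpz.conf posted in the issue (Erlang string escaping removed).
SOURCE_REGEX = {
    "notracking_hosts": r"^0\.0\.0\.0 ([A-Za-z0-9\._\-]+[A-Za-z])$",
    "notracking_domains": r"^address=\/([A-Za-z0-9\._\-]+[A-Za-z])\/0\.0\.0\.0$",
}

# Constructed sample feed lines, not real feed content.
SAMPLE_FEEDS = {
    "notracking_hosts": [
        "# hosts-style feed (constructed)",
        "0.0.0.0 ads.example.test",
        "0.0.0.0 yellowcabnc.com",
    ],
    "notracking_domains": [
        "address=/tracker.example.test/0.0.0.0",
        "address=/yellowcabnc.com/0.0.0.0",
    ],
}

# Contents of whitelist1.txt as described in the issue.
WHITELIST = ["yellowcabnc.com"]


def extract_iocs(regex: str, lines):
    """Apply a source regex to each feed line; capture group 1 is the indicator."""
    pattern = re.compile(regex)
    iocs = []
    for line in lines:
        m = pattern.match(line.strip())
        if m:
            iocs.append(m.group(1).lower().rstrip("."))
    return iocs


def is_whitelisted(name: str, whitelist) -> bool:
    """Assumed semantics: a whitelist entry covers itself and all of its subdomains."""
    name = name.lower().rstrip(".")
    for entry in whitelist:
        entry = entry.lower().rstrip(".")
        if name == entry or name.endswith("." + entry):
            return True
    return False


def apply_whitelist(iocs, whitelist):
    """Return the indicators that survive whitelisting, in order, without duplicates."""
    seen = set()
    kept = []
    for ioc in iocs:
        if ioc in seen or is_whitelisted(ioc, whitelist):
            continue
        seen.add(ioc)
        kept.append(ioc)
    return kept


def build_rpz_records(iocs, wildcards=True):
    """Render RPZ records for the 'nxdomain' action: CNAME to the root means NXDOMAIN."""
    records = []
    for ioc in iocs:
        records.append(f"{ioc} CNAME .")
        if wildcards:
            # Matches the "Wildcards" = "true" column of the rpz records in the issue.
            records.append(f"*.{ioc} CNAME .")
    return records


def build_zone(sources, feeds, whitelist, wildcards=True):
    """Merge every source feeding one RPZ, apply the whitelist, render the records."""
    all_iocs = []
    for name, regex in sources.items():
        all_iocs.extend(extract_iocs(regex, feeds.get(name, [])))
    return build_rpz_records(apply_whitelist(all_iocs, whitelist), wildcards)


if __name__ == "__main__":
    for record in build_zone(SOURCE_REGEX, SAMPLE_FEEDS, WHITELIST):
        print(record)
```

Run stand-alone it prints four records (ads.example.test and tracker.example.test, each with its wildcard) and no record for yellowcabnc.com; if a zone exported from the tool still carries the whitelisted name, the whitelist is not being applied, which is the symptom reported here.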

Homas commented 4 years ago

Thanks for reporting! I've fixed the bug in the "dev" branch. I'll need to make a few tests before moving it to the "master" branch.

gatsukito commented 4 years ago

Thank you. ioc2rpz is a big tool and I love it

Homas commented 4 years ago

Thanks! I've pushed the patch to the master branch.