Closed molitona closed 2 years ago
Hi @molitona ,
What's the name of the rule that should block ads domains? Is [x] Priority rule marked?
If you double click on the rule, are there domains blocked by that rule?
What domain resolver are you using? Can you post your /etc/resolv.conf?
If it contains entries pointing to 127.0.0.1 or similar, could you change it to 1.1.1.1 and see if it's blocked?
Also, a simple telnet or curl to that domain will tell you if it's working or not:
$ telnet block-test.developerdan.com 80
telnet: could not resolve block-test.developerdan.com/80: Name or service not known
What's the name of the rule that should block ads domains? is [x] Priority rule marked?
If you double click on the rule, are there domains blocked by that rule?
No, nothing.
/etc/resolv.conf contains
# Generated by NetworkManager
nameserver 127.0.0.1
In fact, I'm using stubby for DNS over TLS. I set the DNS server to 127.0.0.1 in NetworkManager after configuring stubby to get it to work.
Also, a simple telnet or curl to that domain will tell you if it's working or not:
% telnet block-test.developerdan.com 80
Trying 188.114.96.0...
Connected to block-test.developerdan.com.
Escape character is '^]'.
d
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Tue, 01 Mar 2022 22:00:07 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
Connection closed by foreign host.
In fact, I'm using stubby for DNS over TLS
This is a known problem.
Try it out please with the dns server 1.1.1.1 (or 9.9.9.9, whatever except 127.0.0.1), only to verify that the rule works: /etc/resolv.conf -> nameserver 1.1.1.1
(by the way, [x] Enable .. just in case O:])
If it works with 1.1.1.1, then compile the opensnitch-dns.o module following these instructions: https://github.com/evilsocket/opensnitch/tree/master/ebpf_prog
If you want I can compile it for you.
I selected Enable, tried both 1.1.1.1 and 9.9.9.9 and got the same result.
Ok, the first thing is to remove systemd-resolved from the equation.
$ sudo systemctl stop systemd-resolved
If the test domain is not blocked and the rule view shows 0 domains blocked:
$ sudo systemctl restart opensnitchd
$ grep block-test.developerdan.com /media/rules/ads-list/ads-and-tracking-extended.txt
Set log level to DEBUG while you reproduce it, and post it to the issue please.
Hi @gustavo-iniguez-goya. Before testing that, I've a little problem I mentioned later. Since [2021-09-03 08:18:45] no log is appended to /var/log/opensitchd.log. Even after setting it to DEBUG, nothing is added there...
oops, that's really strange.
Is the daemon running? $ pgrep -a opensnitchd
If it's not running, try launching it from a terminal as root: # /usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules
If it's running, restart it: service opensnitchd restart
LogLevel should be set to 0 in /etc/opensnitchd/default-config.json
It's running and log level set to 2 but it's not logging.
Mar 12, 2022, 01:11 by @.***:
> oops, that's really strange.
> Is the daemon running? $ pgrep -a opensnitchd
> If it's not running, try launching it from a terminal as root: # /usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules
> If it's running, restart it: service opensnitchd restart
> LogLevel should be set to 0 in /etc/opensnitchd/default-config.json
Ok. If you set log level to DEBUG from the GUI, LogLevel in /etc/opensnitchd/default-config.json should be 0.
If configuring log level to DEBUG doesn't change LogLevel value, then something is broken in your installation.
I suggest you reinstall opensnitch.
It showed me that msg when changing it from GUI
I modified it in json file directly and logging works
Regarding that error, you need to install AUR opensnitch-ebpf-module: https://aur.archlinux.org/packages/opensnitch-ebpf-module
After installing that package, please, follow these steps to debug the problem: https://github.com/evilsocket/opensnitch/issues/639#issuecomment-1062008124
I think the main problem is systemd-resolved
I tried everything you said, no results!
Thanks for the logs @molitona. According to the latest entries, you still have systemd-resolved running:
[2022-03-15 19:03:46] DBG /usr/lib/systemd/systemd-resolved -> dns.quad9.net (msystemd-resolved-{TCP,UDP}-53)
I suggest you perform the following steps:
$ sudo systemctl stop systemd-resolved
$ date
(in order to review the logs easily)
$ sudo service opensnitchd restart
$ telnet block-test.developerdan.com 80
If you want, we can talk about this at #opensnitch:matrix.org; otherwise it's going to be really difficult to debug this problem.
Thanks, I'll do. Is opensnitch supposed to block DNS requests for the domains in the list only, or does it also block TCP requests to 80 and 443 from those domains too?
opensnitch will block every request to the domains in the list, regardless of the port or protocol.
Thanks, it's working now dunno why.
Also, that block-test.developerdan.com is misleading; it always shows the picture mentioned in the post.
Solved. Closing.
I followed https://github.com/evilsocket/opensnitch/wiki/block-lists#how-to-add-a-global-rule-to-block-ads-or-trackers exactly. But, it's not working. Visiting block-test.developerdan.com shows
Include the following information:
systemctl status opensnitch shows
/var/log/opensnitch file doesn't store any new log since [2021-09-03 08:18:45]. I dunno why?