@seraph77 For Python mode, when you use an internal dns server, you can either null block or check the option "DNSBL Event Logging", which will provide a workaround for this issue.

@jrey Would you mind sharing a bit about that setup? I understand your reluctance to promise anything if you are looking into pfblockerNG package maintenance.

@Arowe95 How have you set up pfBlockerNG? For me if I do a basic setup using the Wizard the Steve Black Hosts list is already included. That would explain the duplicates :). Check Firewall / pfBlockerNG / DNSBL / DNSBL Groups, ADs_Basic. Click edit for that group and it contains one list, Steve Black Hosts.

Ran into this issue today as well running on 25.07.1 with pfblockerNG-devel 3.2.7. Followed the steps outlined in this thread to edit the pfblockerng.sh file, then deleted/force reloaded all the lists, and all was well again. Thank you everyone in this thread for your your help and great instructions.

@LowKnee Just out of curiosity are you referring to the Database Sanity Check reporting that "these two counts should match" it the count is off by 1 (which I suspect is your case) there was a fix (manual code change) to change masterfile to mastercat in pfblolckerng.sh you want to change this change the line from s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})" to s1="$(grep -cv ^${ip_placeholder2}$ ${mastercat})" There is also an edge case if the count is greater than one, here is how that goes if in the deny directory you have say two flies (because of the list / file selection you have and they have repeat addresses file 1 has say 100 lines file 2 has say 10 lines (but those 10 lines are also in file 1, file 2 is a subset) you get two uniquely named deny files and then when the "count" is calculated on the deny directory it sees 110 entries when the "count:" is calculated on the "mastercat" file it only contains 100 entries the count doesn't match in my case the issue was caused by full list I had selected, also having an available subset lists (I had inadvertently selected one of) this causing two deny files with some of the same (overlapping data) I unselected the subset and bingo matched again, was a "my bad" selection. Edit: this applied to 25.07 (and 25.07.1) and pfblockerng 3.2.7 as it is labelled on those versions of pfSense

@tinfoilmatt said in Failed or invalid Mime Type: [application/SIMH-tape-data|0]: (ASN data is IPinfo, not Maxmind) Thats correct but "GeoLite2-Country" is from Maxmind ... (that confused me) I'm considering simply adding "application/SIMH-tape-data" to the list to test. Thats what i tought too ... I'll try when I have the time for it ... Edit: I can confirm - adding "application/SIMH-tape-data" to the list at line 257 in /usr/local/pkg/pfblockerng/pfblockerng.inc did the trick - no more error! Edit: OK, problem resolved but I would like to know, whats the cause for that error! (SIMH-tape-data sounds like a "blast from the past" ...) Thanks a lot!

@jrey Thank you so much for the detailed explanation and help. I will adapt and apply the patch to move the job timing like suggested at 01:35 Are you just a user or are you also involved in package maintenance on one or more packages?

@jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: I’m surprised to see in my logs only one blocked IP, which is related to my TrueNAS I'll decode this one : @jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: Aug 5 09:01:14,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,116.147.64.181,51765,51413,out,Unk,pfB_PRI1_v4,116.146.0.0/15,ET_Block_v4,Unknown,truenasr740,null,+ Traffic, coming into LAN, from a LAN device (192.168.2.13 = your TrueNAS) going to a Chinise ( 116.147.64.181 ) Brazilian ( 177.72.195.114 - = next line ) was blocked by the "pfB_PRI1_v4" list. That's probably good thing ? ( ! ). Up to you to discover why your NAS should initiate connections to these countries. A NAS can go outside for maintenance purposes, for example to look for updates of it's system. These could be located anywhere of course. The GeoIP IP created a rule for you. How and where do you use that this rule ?

@andrebrait will you be able to rebase pfblockerng-adblock-clean on top of devel in the foreseeable future? I have been able to make use of patches until I upgraded to 25.07-RELEASE. The conflicts are deep. Oddly the pfblockerNG-devel package is 3.2.7 despite the current refs having 3.2.9 in the Makefile.

I finally got around installing a new pfsense firewall and the first connections I am seeing right of the bat are lets say strange. I don't know what they are: https://otx.alienvault.com/indicator/ip/178.250.1.11 https://www.abuseipdb.com/check/178.250.1.11 https://www.virustotal.com/gui/ip-address/178.250.1.11/community https://viz.greynoise.io/ip/178.250.1.11 Aug 10 11:07:09 WAN Default deny rule IPv4 (1000000103) 178.250.1.11:443 192.168.178.21:18414 TCP:PA Its incoming from WAN trying to get to the firewall. Very mixed results here. Never heard of criteo and it is flagged by some people despite being whitelisted on otx alienvault. I remember seeing the same the first time I installed pfsense on my other machine I think. Any idea what it could be? I also did a packetcapture and there are losts of ACKed Unseen segments. Does this indicate anything? On my other firewall I don't see anything coming from WAN to LAN but on the new one there is so much IPs. What can it be?

So you're using the CARP IP address for the pfBlockerNG redirects? May I ask why that's necessary?

I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula

@Gertjan Hello, Thank you. I had exactly the same issue, and your solution helped me fix it. Ask ChatGPT