• pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!

    Pinned | 94 posts | 10 votes | 96k views
    Gertjan: @flepti said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!: "my setup too" You mean you use pfSense 2.4.5 and "007" fBlockerNG-devel? Easy solution: upgrade?!
• Firewall Rules Order

    Pinned | 34 posts | 0 votes | 25k views
    So happy to find the explanation relating the tables and lists!! Thanks!
• Bypassing DNSBL for specific IPs

    Pinned | 114 posts | 5 votes | 102k views
    JonathanLee: @mcury thanks for the reply. I will test this soon and let you know how it works out.
• Support pfBlockerNG development!

    Pinned | 5 posts | 4 votes | 12k views
    I can not wait to see how he is going to do the mass import for IP4 and DNSBL. I hope it's just a simple text doc you can upload, just like you would a backup file in the uBlock extension. Looking forward to it. I may have to get some more RAM lol, only got 8 gig and I bet doing mass list imports will hit the RAM hard. Great work, hope it's coming along well ;) Great job.
• PfBlockerNG v2.1 w/TLD

    Pinned | 124 posts | 1 vote | 275k views
    It would be really cool if it could automatically update the blocked TLDs based on the Spamhaus statistics (https://www.spamhaus.org/statistics/tlds/) on a regular schedule. I realize that this may be more difficult than it sounds as I can't seem to find a Spamhaus TLD feed, just a website. But if we don't dream then it will never happen!
• PfBlockerNG v2.0 w/DNSBL

    Pinned | 1k posts | 2 votes | 2m views
    RonpfS: @ck42 The entry is related to Firewall / pfBlockerNG / DNSBL / DNSBL Category Blacklist.
• PfBlockerNG

    Pinned | 1k posts | 2 votes | 2m views
    @breeoge said in PfBlockerNG: "@belt9: I wanted to chime in here as I just updated from a month old RC to 2.4.0-RELEASE last night and ran into this problem today. I haven't read through all of the many pages of the many threads that seem related to this issue (shows how popular pfBNG is!), so maybe this has already been covered. But I've seen several people state that this doesn't happen on ZFS - I have a raidz2 ZFS install, and this happened to me, just throwing that out there. That is good to know. Thank you for the report. BBcan177 is currently updating it to use SQLite and this should fix any issues in the future. In the other thread there is a temp fix posted.. https://create.vista.com/colors/palettes/ Thank you BreeOge" Hello my friend. Many thanks to BBcan177 for keeping the report up to date. As a result of this, in principle, the given problems are corrected.
• New pfblockerNG install Database Sanity check Failed

    58 posts | 0 votes | 16k views
    BBcan177: @Draco try to go to the General Tab; first ensure that the Keep Settings option is checked. Then uncheck Enable pfBlockerNG so that it's disabled. Hit Save. Force Update. Then re-enable pfBlockerNG and Force Update.
• No blocks on IP

    3 posts | 0 votes | 78 views
    tinfoilmatt: @vicking said in No blocks on IP: "Is it a bad idea to have the action set to deny both instead of inbound only?" Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions:

        'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are:
        Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
        Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.

    In other words:
        When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP.
        If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state.
        If set to "Deny Both", both incoming connection requests and outbound connection requests are blocked and therefore no state will be created regardless of connection direction.
• is something wrong with pfBlockerNG?

    13 posts | 0 votes | 405 views
    tinfoilmatt: @netboy said in is something wrong with pfBlockerNG?: "After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far I have no issues." Terrible idea. Moving backwards in development history there.
• DNSBL blockpage only works with root domain

    3 posts | 0 votes | 76 views
    @Gertjan yes, that was an example, a false positive from a list that is not being blocked anymore.
• DNSBL Resolving Some Domains To 10.10.10.1 But Does Not Log Them

    4 posts | 0 votes | 114 views
    @Gertjan Thanks a lot for your help. This really helped me: I'm not using "pfSense pfBlocker Web server logging" (DNSBL Webserver/VIP) as the "you are blocked web page" only shows up when the end browser user visits http sites, something that doesn't exist anymore on the Internet. All sites are https these days, and https sites can be redirected to "another https web server" like the "pfSense pfBlocker Web server". With that hint I was able to resolve my issue by:
        1. Unchecking the Python Group Policy Enable checkbox for the DNSBL Webserver Configuration on the DNSBL tab in pfBlockerNG.
        2. Checking the Permit Firewall Rules Enable checkbox and selecting the appropriate interfaces for the DNSBL Configuration on the DNSBL tab in pfBlockerNG.
        3. Forced Update | All.
    It now appears that all the blocked domains are appearing on the Alerts tab in pfBlockerNG. "I couldn't find that host name in the "/var/db/pfblockerng/dnsbl/Max_MS.txt" file - where does your "/var/db/pfblockerng/dnsbl/Crazy_Max_Extra.txt" come from?" I get that DNSBL, and 2 others, from the original maintainer (https://github.com/crazy-max/WindowsSpyBlocker):
        https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt
        https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
        https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt
    I really appreciate your help!
• pfblocker pfb_dnsbl service not starting

    21 posts | 0 votes | 967 views
    It's an issue with the VIP creation code in pfBlockerNG. pfBlockerNG support is working to remove the VIP creation code from pfBlockerNG and leave that to pfSense to handle. Stay tuned. https://github.com/pfsense/FreeBSD-ports/pull/1427
• TLD Domain count exceeded.

    10 posts | 0 votes | 2k views
    tinfoilmatt: Resurrecting this thread for two reasons: 1.) because this is where I landed when newly confronted with the topic using pfBlockerNG-devel 3.2.10 on pfSense CE 2.8.1-RELEASE; and 2.) to confirm that the 'issue' and 'fix' here continue to be viable despite the TLD analysis function being considerably modified since the last post in September 2024. Current function @ L7255 of /usr/local/pkg/pfblockerng/pfblockerng.inc:

        // Determine max Domain count available for DNSBL TLD analysis (Avoid Unbound memory exhaustion)
        $pfs_memory = (round(get_single_sysctl('hw.physmem') / (1024*1024)) ?: 1000);
        $pfb['pfs_mem'] = [
            '0'     => '100000',
            '1500'  => '150000',
            '2000'  => '200000',
            '2500'  => '250000',
            '3000'  => '400000',
            '4000'  => '600000',
            '5000'  => '1000000',
            '6000'  => '1500000',
            '7000'  => '2000000',
            '8000'  => '2500000',
            '12000' => '3000000',
            '16000' => '4000000',
            '32000' => '8000000'
        ];
        if ($pfb['dnsbl_py_blacklist']) {
            array_walk($pfb['pfs_mem'], function (&$value) { $value = $value * 3; });
        }
        foreach ($pfb['pfs_mem'] as $pfb_mem => $domain_max) {
            if ($pfs_memory >= $pfb_mem) {
                $pfb['domain_max_cnt'] = $domain_max;
            }
        }

    On a system with 32 GB of RAM attempting to 'analyze' over 24M but less than 27M domains, the line "'32000' => '8000000'" was changed to "'32000' => '9000000'" (i.e., permitting a maximum number of 27M domains to be 'analyzed') in order for the function to complete successfully. Analyzing (and then subsequently loading) precisely this number of domains...

        Original    Matches     Removed    Final
        ----------------------------------------
        24270656    21017552    6463516    17807140

    ...results in Unbound's stable operational consumption of ~6 GB of RAM and any/all pfBlockerNG 'Reload' options consuming as much as ~6 GB of RAM, concurrently.
    Therefore one should only attempt this DNSBL hack if they're confident that their system has at least 13 GB of memory 'headroom' (taking into account normal system operation and any other resource-consuming, installed packages).
• Feed name crossed out in alerts.

    6 posts | 0 votes | 228 views
    BBcan177: @Zaketis dedup is only Deny Feeds, which would also include any GeoIP lists. Aggregation works in separate silos for each type, i.e.: permit or deny etc...
• pfBlockerNG ASN Validation Issue in Source Field

    9 posts | 0 votes | 448 views
    Hello, the issue is resolved! Without me having to change anything / touch a thing, I tried adding an ASN this morning and it worked; the dropdown list appeared. Thank you very much to everyone who took the time to reply. Have a good day, everyone.
• pfBlockerNG DNSBL – HTTPS domains cause long browser timeouts!?

    1 post | 0 votes | 121 views
    No one has replied
• PFBlockerng Fatal PHP Error

    1 post | 0 votes | 170 views
    No one has replied
• DNSBL category not working

    18 posts | 0 votes | 873 views
    @Gertjan Thank you very much, I'll try to do something like that...
• pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start

    9 posts | 0 votes | 2k views
    @Gertjan said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: "think this "DNSBL Webserver" usage is something that belongs to the past, as this web server was useful in the past, when everybody was using http:// web sites." Yes you are right about the http web page. I don't really care if they can see the web page pfb_dnsbl offers or not. You gotta have it for pfb_dnsbl to work ... Roy
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.