• pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!

    Pinned
    94
    10 Votes
    94 Posts
    90k Views
    GertjanG
    @flepti said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!: my setup too You mean you use pfSense 2.4.5 and "007" fBlockerNG-devel ? Easy solution : upgrade ?!
  • Firewall Rules Order

    Pinned
    34
    0 Votes
    34 Posts
    24k Views
    V
    so happy to find the explanation relating the tables and lists!! thanks!
  • Bypassing DNSBL for specific IPs

    Pinned
    114
    5 Votes
    114 Posts
    94k Views
    JonathanLeeJ
    @mcury thanks for the reply I will test this soon and yet you know how it works out.
  • Support pfBlockerNG development!

    Pinned
    5
    4 Votes
    5 Posts
    11k Views
    A
    I can not wait to see how he is going to do the mass import for IP4 and DNSBL, I hope its just a simple text doc you can just upload just like you would a backup file on Ublock extension. Looking forward to it. I may have to get some more Ram lol only got 8 gig and I bet doing mass list imports will hit the Ram hard. Great work hope it's coming along well ;) Great job.
  • PfBlockerNG v2.1 w/TLD

    Pinned
    124
    1 Votes
    124 Posts
    268k Views
    E
    It would be really cool if it could automatically update the blocked TLDs based on the spamhaus statistics (https://www.spamhaus.org/statistics/tlds/) on a regular schedule. I realize that this may be more difficult than it sounds as I cant seem to find a spamhaus TLD feed, just a website. But if we dont dream then it will never happen!
  • PfBlockerNG v2.0 w/DNSBL

    Pinned
    1k
    2 Votes
    1k Posts
    2m Views
    RonpfSR
    @ck42 The entry is related to Firewall / pfBlockerNG/ DNSBL / DNSBL Category Blacklist.
  • PfBlockerNG

    Pinned
    1k
    2 Votes
    1k Posts
    2m Views
    K
    @breeoge said in PfBlockerNG: @belt9: I wanted to chime in here as I just updated from a month old RC to 2.4.0-RELEASE last night and ran into this problem today. I haven't read through all of the many pages of the many threads that seem related to this issue (show how popular pfBNG is!), so maybe this has already been covered. But I've seen several people state that this doesn't happen on ZFS - I have a raidz2 ZFS install, and this happened to me, just throwing that out there. That is good to know. Thank you for the report.  BBcan177 is currently updating it to use SQLlite and this should fix any issues in the future.  In the other thread there is a temp fix posted.. https://create.vista.com/colors/palettes/ Thank you BreeOge Hello my friend. Many thanks to Bbcan177 for keeping the report up to date. as a result of this, in principle, the given problems are corrected.
  • PFBlockerNG Python-Mode - Source-IP in Reports

    14
    0 Votes
    14 Posts
    1k Views
    BBcan177B
    @seraph77 For Python mode, when you use an internal dns server, you can either null block or check the option "DNSBL Event Logging", which will provide a workaround for this issue.
  • pfBlockerNG syslog logentries to remote SIEM

    5
    1 Votes
    5 Posts
    409 Views
    keyserK
    @jrey Would you mind sharing a bit about that setup? I understand your reluctance to promise anything if you are looking into pfblockerNG package maintenance.
  • pfBlockerNG Frustrations

    2
    0 Votes
    2 Posts
    212 Views
    patient0P
    @Arowe95 How have you set up pfBlockerNG? For me if I do a basic setup using the Wizard the Steve Black Hosts list is already included. That would explain the duplicates :). Check Firewall / pfBlockerNG / DNSBL / DNSBL Groups, ADs_Basic. Click edit for that group and it contains one list, Steve Black Hosts.
  • New pfblockerNG install Database Sanity check Failed

    40
    0 Votes
    40 Posts
    5k Views
    T
    Ran into this issue today as well running on 25.07.1 with pfblockerNG-devel 3.2.7. Followed the steps outlined in this thread to edit the pfblockerng.sh file, then deleted/force reloaded all the lists, and all was well again. Thank you everyone in this thread for your your help and great instructions.
  • PfBlockerNG deduplication is out of sync a lot

    4
    0 Votes
    4 Posts
    2k Views
    J
    @LowKnee Just out of curiosity are you referring to the Database Sanity Check reporting that "these two counts should match" it the count is off by 1 (which I suspect is your case) there was a fix (manual code change) to change masterfile to mastercat in pfblolckerng.sh you want to change this change the line from s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})" to s1="$(grep -cv ^${ip_placeholder2}$ ${mastercat})" There is also an edge case if the count is greater than one, here is how that goes if in the deny directory you have say two flies (because of the list / file selection you have and they have repeat addresses file 1 has say 100 lines file 2 has say 10 lines (but those 10 lines are also in file 1, file 2 is a subset) you get two uniquely named deny files and then when the "count" is calculated on the deny directory it sees 110 entries when the "count:" is calculated on the "mastercat" file it only contains 100 entries the count doesn't match in my case the issue was caused by full list I had selected, also having an available subset lists (I had inadvertently selected one of) this causing two deny files with some of the same (overlapping data) I unselected the subset and bingo matched again, was a "my bad" selection. Edit: this applied to 25.07 (and 25.07.1) and pfblockerng 3.2.7 as it is labelled on those versions of pfSense
  • Failed or invalid Mime Type: [application/SIMH-tape-data|0] (solved)

    3
    1 Votes
    3 Posts
    364 Views
    fireodoF
    @tinfoilmatt said in Failed or invalid Mime Type: [application/SIMH-tape-data|0]: (ASN data is IPinfo, not Maxmind) Thats correct but "GeoLite2-Country" is from Maxmind ... (that confused me) I'm considering simply adding "application/SIMH-tape-data" to the list to test. Thats what i tought too ... I'll try when I have the time for it ... Edit: I can confirm - adding "application/SIMH-tape-data" to the list at line 257 in /usr/local/pkg/pfblockerng/pfblockerng.inc did the trick - no more error! Edit: OK, problem resolved but I would like to know, whats the cause for that error! (SIMH-tape-data sounds like a "blast from the past" ...) Thanks a lot!
  • PfBlockerNG Single core @ 100% for 5 minutes unscheduled

    10
    0 Votes
    10 Posts
    591 Views
    keyserK
    @jrey Thank you so much for the detailed explanation and help. I will adapt and apply the patch to move the job timing like suggested at 01:35 Are you just a user or are you also involved in package maintenance on one or more packages?
  • pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start

    5
    0 Votes
    5 Posts
    373 Views
    GertjanG
    @jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: I’m surprised to see in my logs only one blocked IP, which is related to my TrueNAS I'll decode this one : @jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: Aug 5 09:01:14,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,116.147.64.181,51765,51413,out,Unk,pfB_PRI1_v4,116.146.0.0/15,ET_Block_v4,Unknown,truenasr740,null,+ Traffic, coming into LAN, from a LAN device (192.168.2.13 = your TrueNAS) going to a Chinise ( 116.147.64.181 ) Brazilian ( 177.72.195.114 - = next line ) was blocked by the "pfB_PRI1_v4" list. That's probably good thing ? ( ! ). Up to you to discover why your NAS should initiate connections to these countries. A NAS can go outside for maintenance purposes, for example to look for updates of it's system. These could be located anywhere of course. The GeoIP IP created a rule for you. How and where do you use that this rule ?
  • https://oisd.nl

    59
    3 Votes
    59 Posts
    11k Views
    T
    @andrebrait will you be able to rebase pfblockerng-adblock-clean on top of devel in the foreseeable future? I have been able to make use of patches until I upgraded to 25.07-RELEASE. The conflicts are deep. Oddly the pfblockerNG-devel package is 3.2.7 despite the current refs having 3.2.9 in the Makefile.
  • pfBlockerNG not logging anything by default?

    45
    0 Votes
    45 Posts
    2k Views
    R
    I finally got around installing a new pfsense firewall and the first connections I am seeing right of the bat are lets say strange. I don't know what they are: https://otx.alienvault.com/indicator/ip/178.250.1.11 https://www.abuseipdb.com/check/178.250.1.11 https://www.virustotal.com/gui/ip-address/178.250.1.11/community https://viz.greynoise.io/ip/178.250.1.11 Aug 10 11:07:09 WAN Default deny rule IPv4 (1000000103) 178.250.1.11:443 192.168.178.21:18414 TCP:PA Its incoming from WAN trying to get to the firewall. Very mixed results here. Never heard of criteo and it is flagged by some people despite being whitelisted on otx alienvault. I remember seeing the same the first time I installed pfsense on my other machine I think. Any idea what it could be? I also did a packetcapture and there are losts of ACKed Unseen segments. Does this indicate anything? On my other firewall I don't see anything coming from WAN to LAN but on the new one there is so much IPs. What can it be?
  • After Update to pfBlockerNG 3.2.7 (25.07-RELEASE) pfb_dnsb won´t start

    7
    0 Votes
    7 Posts
    368 Views
    w0wW
    So you're using the CARP IP address for the pfBlockerNG redirects? May I ask why that's necessary?
  • Trying to configure Maxmind - 401 Unauthorized

    2
    0 Votes
    2 Posts
    112 Views
    M
    I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula
  • DNSBL (Python mode) errors Found!

    8
    0 Votes
    8 Posts
    1k Views
    reza3swR
    @Gertjan Hello, Thank you. I had exactly the same issue, and your solution helped me fix it. Ask ChatGPT
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.