pfBlockerNG

• 

  pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!
  • BBcan177  

  74
  9
  Votes
  74
  Posts
  10714
  Views

  W

  @stephenw10 said in pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!: Enter the Key in the 'Maxmind License Key' field in pfBlocker. Now you can access the GeoIP tabs. Steve Thanks Steve.
• S

  Firewall Rules Order
  • Stewart  

  19
  0
  Votes
  19
  Posts
  5627
  Views

  

  @BBcan177: You can create a new alias in pfBlockerNG and add "0.0.0.0" which is equivalent to "any" IP, into the custom list… Then edit either the Advanced Inbound or Outbound Firewall rule settings to configure the balance of the rules options... You can then define this Alias Action setting to Permit or Block... You can drag the Aliases from the IP tab to re-order as you wish. Also as stated above, you can use "Alias Type" rules and create all the rules manually. I don't know but all those changes seem too much and too complicated. Here is my example, I want to keep untouched rules order to make all network clients to use pfSense router as DNS server like: pass - Allow DNS to pfSense only block - Block all DNS not to pfSense And every time pfBlockerNG updates, my "block" rule get pushed to the end of the list. It seems wrong to me regardless of workarounds.  As I described in this https://redmine.pfsense.org/issues/8279 Why won't we either 1 - in pfBlockerNG, Rule Order add option - "Do not change (preserve) existing order" or 2 - in Firewall Rules <if>add say a check box "Preserve existing order", which will not allow the order to be changed. ???</if>
• N

  Bypassing DNSBL for specific IPs
  • Ns8h  

  20
  2
  Votes
  20
  Posts
  10713
  Views

  R

  @kezzla I was not. I figured since im having all of my devices on my network point to my AD DNS Server this wouldnt work. Guest lan would probably work but since i want to rdp from my phone and also block ads on my phone while connected to vpn to home this wouldnt work without affecting all pcs that use my ad dns servers.
• 

  Support pfBlockerNG development!
  • ivor  

  5
  2
  Votes
  5
  Posts
  4547
  Views

  A

  I can not wait to see how he is going to do the mass import for IP4 and DNSBL, I hope its just a simple text doc you can just upload just like you would a backup file on Ublock extension. Looking forward to it. I may have to get some more Ram lol only got 8 gig and I bet doing mass list imports will hit the Ram hard. Great work hope it's coming along well ;) Great job.
• K

  Thanks BBCAN177 !
  • Koent  

  5
  1
  Votes
  5
  Posts
  3175
  Views

  S

  As pointed out to me in another post. https://forum.pfsense.org/index.php?topic=139634.0
• 

  PfBlockerNG v2.1 w/TLD
  • BBcan177  

  124
  0
  Votes
  124
  Posts
  57616
  Views

  E

  It would be really cool if it could automatically update the blocked TLDs based on the spamhaus statistics (https://www.spamhaus.org/statistics/tlds/) on a regular schedule. I realize that this may be more difficult than it sounds as I cant seem to find a spamhaus TLD feed, just a website. But if we dont dream then it will never happen!
• 

  PfBlockerNG v2.0 w/DNSBL
  • BBcan177  

  1070
  3
  Votes
  1070
  Posts
  529153
  Views

  M

  @anttechs said in PfBlockerNG v2.0 w/DNSBL: Many thanks ;) You're welcome I disabled TLD because I had .com and most of the others in there Yeap, that would be it! Cheers
• W

  PfBlockerNG
  • wbennett77  

  1194
  0
  Votes
  1194
  Posts
  438182
  Views

  E

  @RonpfS Thank you friend it worked.
• E

  GeoIP rules blocking things not on the list
  • ex1580  

  8
  0
  Votes
  8
  Posts
  38
  Views

  E

  @BBcan177 Yep, this is still happening today. Just wanted to let you know. The old MaxMind was a lot easier to use from the end user perspective.
• Z

  When will pfBlockerNG 2.2 be stable
  • zjgn  

  1
  0
  Votes
  1
  Posts
  41
  Views

  No one has replied

• S

  pfr_update_stats: assertion failed and blocked traffic
  • Sesquipedalio  

  2
  0
  Votes
  2
  Posts
  16
  Views

  S

  I started noticing very weird blocked functions in my home network. My music server would not resolve http(s) get requests for streaming music, though I could on other devices. I could not resolve a domain name by typing the base URL in the address bar (like typing purple.com and get the page to load), but I could find it in a search bar and navigate to them and perform nslookups on them. I updated the main pfSense OS, but could not update any packages. Other weirdness that was not easy to categorize. I tried to reboot the pfSense via the web and command menu - neither worked. I forced a hardware reboot and noticed many repeated errors on the console and system logs which read: pfr_update_stats: assertion failed Here is my solution, which is working for now: In the Firewall / pfBlockerNG / General page, tick the box for "Suppression - This will prevent Selected IPs from being blocked. Only for IPv4 lists (/32 and /24)." and click the Save button for this page. In the Firewall / pfBlockerNG / General page, untick: Enable pfBlockerNG and Keep settings to disable them both. then click the save button. In the Firewall / pfBlockerNG / General page, tick only the Enable pfBlockerNG to enable and leave the Keep settings unticked/disabled. In the Firewall / pfBlockerNG / Update page, select the Select 'Force' option Update and click Run. Copy the output from this into a text file. Use the text file to separate the results to find four types of results: No Domains Found Terminated - Easylists can not be used Anything which is not working, such as a 404 page not found or other error Anything working can be ignored Open EVERY DNS Group Name on the Firewall / pfBlockerNG / DNSBL Feeds page. Search for any of the feeds that are NOT working at all and paste the URL into a browser bar. If they do not resolve, delete them - don't forget to click the save button at the bottom. If they do resolve, see the next step Open EVERY DNS Group Name on the Firewall / pfBlockerNG / DNSBL Feeds page. Search for any of the feeds that are listed as No Domains Found, or that did resolve to a list in a previous step, and paste the URL into a browser bar. If the list is just a bunch of IP addresses, then you have them on the wrong part of your firewall! To fix this: Copy the URLs of any of the lists which were IP-based out of the DNSBL page and into a text file as a placeholder. Move over to the Firewall / pfBlockerNG / IPv4 page and start a new Alias Name (or edit one you may already have there). Add each one of the URLs from your text file, giving it a unique header name (the last field) and make sure to set it to Auto & ON. . Once all added, I set the List Action and update schedule to my preference and saved the page For anything which results in 'Terminated - Easylists can not be used' I do not yet have a solution. In the Firewall / pfBlockerNG / General page, untick: Enable pfBlockerNG and Keep settings to disable them both. then click the save button. In the Firewall / pfBlockerNG / General page, tick only the Enable pfBlockerNG to enable and leave the Keep settings unticked/disabled. In the Firewall / pfBlockerNG / Update page, select the Select 'Force' option Update and click Run. Repeat the process of reviewing the results to remove broken lists and move IP-based lists to the right IPv4 list page. ------ONCE satisfied with the results: In the Firewall / pfBlockerNG / General page, untick: Enable pfBlockerNG and Keep settings to disable them both. then click the save button. In the Firewall / pfBlockerNG / General page, tick BOTH the Enable pfBlockerNG and Keep settings to enable them both. In the Firewall / pfBlockerNG / Update page, select the Select 'Force' option Update and click Run.
• G

  pfBlockerNG 2.1.4_21 totally lag system after pfSense upgrade from 2.4.4 to 2.4.5
  • Gektor  

  3
  0
  Votes
  3
  Posts
  222
  Views

  C

  Sounds like this issue: #10414 Workaround: #901871 but maybe the firewall table is to small to use pfBlocker after the change...
• 

  Can I search for an IP-address in all aliases?
  • Bob.Dig  

  5
  0
  Votes
  5
  Posts
  42
  Views

  

  @Gertjan Yeah, you got it all wrong, probably because of my English-writing-skills.
• C

  pfBlockerNG-devel 2.2.5_30 "Cannot allocate memory..."
  • Co6aka  

  7
  0
  Votes
  7
  Posts
  114
  Views

  L

  @Co6aka I'm in the same boat as you. Upgraded from 2.4.4 to 2.4.5. Wound up with "Cannot allocate memory" errors & only the firewall could access the internet. Uninstalling/reinstalling pfBlocker_NG gets the LAN back online (I know it isn't a pfBlocker issue). My table entries were at 20 million before upgrading - because I have a lot of lists and some of them are massive (each list does have a purpose). I think I worked up to 60M entries before setting this aside for the night. I haven't tried breaking apart my lists into smaller aliases. After reading the relevant posts here and on Reddit, it doesn't seem likely to help. It'd still be the same number of IPs that need allocation. (wild guess coming) Unless the issue is that the structures holding my massive aliases are buckling under the load. But, heck. I don't know. I'm going to sleep on it. Maybe tomorrow I'll puzzle out where I should be looking for clues. Otherwise, I'll have to check into rolling back - wait for bigger brains to set our world right (yet) again. Edit: box has 4GB RAM Q: How do I calculate Firewall Maximum Table Entries (assume 100MB in aliastables dir) Edit.2: I haven't been able to find a fix. Going to roll back. and I'm fairly impressed w/ the difficulty of locating a download link for pfSense-CE-2.4.4-RELEASE-p3-amd64.iso.gz Not giving up!
• H

  DNSBL breaking Google.com shopping tab...
  • HSTS  

  9
  0
  Votes
  9
  Posts
  126
  Views

  H

  @RonpfS Found it. Thank you. Still haven't found the specific alert I'm looking for, but I at least know where to dig. Note that I haven't been looking all this time. I got side tracked doing something else. Thanks again for your help.
• T

  Malwarebytes feed - hphosts offline?
  • talaverde  

  7
  0
  Votes
  7
  Posts
  222
  Views

  

  @Yamabushi said in Malwarebytes feed - hphosts offline?: Anyone have good recommendations for replacement lists? On their turn, good quality publicly available lists will get hit even harder very soon, obliging the owner to invest in server structures that can take the hit. This often applies : why would one update a list every day if one can update it every hours, even if the list is updated itself every week ?? pfBlockerNG is a success : even if it's free, 'money' is involved. Most quality list will probably choose methods like GeoIP Maxmind at best - or simply : access against cash.
• R

  oisd blocklist not working
  • revengineer  

  7
  0
  Votes
  7
  Posts
  50
  Views

  

  @revengineer The is a log snippet above that to show the processing of that feed and the restart of Unbound. Take a look at those two sections of the pfblockerng.log.
• J

  clog_pfb drops a core if system log files are reset
  • jwj  

  11
  0
  Votes
  11
  Posts
  56
  Views

  J

  FWIW: did a fresh install. Still core faults if I reset logs.
• G

  pfBlockerNG-devel 2.2.5_30: IPv4 list: too many elements + high system load
  • getcom  

  5
  0
  Votes
  5
  Posts
  95
  Views

  G

  @provels said in pfBlockerNG-devel 2.2.5_30: IPv4 list: too many elements + high system load: My understanding, possibly incorrect, is that Firewall Max Table entries must be at least double what your final count shows, since during updates both the new and old list counts exist in the table simultaneously. Each list has its own table and it will be processed one after the other. It should then > the doubled value of the biggest list. I will try that and increase the value first to 3 1/2 million. This needs a reboot, which means this can be done only ooo in four hours. Are DNSBL lists processed in a different way? The DNSBL_UT1 has >1.8 million entries and this list is working. Ok., thank you for the offline hint of the lists...just discovered the download errors also on my own pfS which is still 2.4.4-P3.
• S

  All alerts showing as unk country code.. help
  • sesipod  

  26
  0
  Votes
  26
  Posts
  213
  Views

  E

  @BBcan177 Excellent! Working as expected now. Maybe someday there can be a button or comment explaining how to re-download from MaxMind because I didnt even know the command did that when I was looking at it. Thanks! Keep up the good work!
• C

  pfblokerng en pfsense briged
  • Core7  

  3
  0
  Votes
  3
  Posts
  40
  Views

  

  @Core7 I don't think bridging will work well with the pkg. I also have no other first hand experience doing that sorry.
• E

  DNSBL Feature Request - TLD inverse and lists
  • ex1580  

  1
  0
  Votes
  1
  Posts
  28
  Views

  No one has replied

• 

  pfBlockerNG-devel 2.2.5_30 update: Is it 2.4.5 specific now?
  • provels  

  2
  0
  Votes
  2
  Posts
  169
  Views

  

  No its for all versions
• V

  pfBlockerNG-devel not showing blocked DNS requests
  • vjizzle  

  10
  0
  Votes
  10
  Posts
  402
  Views

  V

  @BBcan177 : the new version of pfSense is here with the python integration. Any word on the next pfBlockerNG release which will use that to show all allowed and blocked DNS requests? I'd be happy to help with testing.
• 

  Shallalist and UT1 lists not working on 2.4.5-RELEASE/pfBlockerNG-devel 2.2.5_29
  • provels  

  15
  1
  Votes
  15
  Posts
  357
  Views

  

  @GregBinSD said in Shallalist and UT1 lists not working on 2.4.5-RELEASE/pfBlockerNG-devel 2.2.5_29: Can you tell me how long that might be? The pfSense devs need to review and approve. Hopefully next week.
• F

  pfBlockerNG-devel install - PHP Startup Errors - failed to load readline.so
  • fabrizior  

  8
  0
  Votes
  8
  Posts
  161
  Views

  

  it does't surprise me, pfblockerng is outdated , pfblockerng-devel have more features
• F

  Upgrade from pfBlockerNG to -devel before 2.4.5 upgrade?
  • fabrizior  

  4
  0
  Votes
  4
  Posts
  143
  Views

  F

  @Gertjan @t41k2m3 Thank you for the details. I’ll make the jump to the -devel package first then. Are there any specific posts/blogs you would recommend to get up to speed on any critical changes or potential gotchas that might extend my maintenance window? My router is usually hovering around 3% CPU and 19% memory utilization with pfblocker, squid, squidguard, snort, and a few other pkgs running. these stats are with no inbound OpenVPN client tunnels active or outbound IPsec VPN to my Oracle Cloud IaaS tenancy up. Still, plenty of resource capacity.
• T

  Post-upgrade to 2.4.5 pfBlockerNG-devel causing memory and/or CPU spikes
  • t41k2m3  

  1
  0
  Votes
  1
  Posts
  71
  Views

  No one has replied

• A

  PFblockNG Devel not logging or blocking domains
  • antoni777  

  14
  0
  Votes
  14
  Posts
  204
  Views

  A

  I still get nothing, In the post above i always get the same error , "Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding" V/r Tony
• M

  Advanced Inbound Firewall Rule Settings
  • maxyca  

  2
  0
  Votes
  2
  Posts
  63
  Views

  M

  Really nobody did it?
• J

  Feed not updating with cron but does by force
  • Jobee  

  7
  0
  Votes
  7
  Posts
  98
  Views

  S

  Hello! Are you using ram disks in System/Advanced/Miscellaneous? This sounds oddly similar to these : https://forum.netgate.com/topic/151591/sort-4-not-downloading-vrt-rules/ https://forum.netgate.com/topic/151634/php-errors/ John
• 

  GeoIP and Auto Rules
  • provels  

  1
  0
  Votes
  1
  Posts
  47
  Views

  No one has replied

• 1

  DNS custom IPv4 blocklist stored as base64?
  • 1OF1000Quadrillion  

  2
  0
  Votes
  2
  Posts
  40
  Views

  

  Uh...Base64 is not a number base. It is a method for encoding binary values as text strings. See Wikipedia here: https://en.wikipedia.org/wiki/Base64.
• 

  Trying to run pfBlockerNG-devel update automatically after reboot
  • provels  

  1
  0
  Votes
  1
  Posts
  31
  Views

  No one has replied

• L

  Migrating from Pi-hole to PFblockerNG
  • lordofpc734  

  2
  0
  Votes
  2
  Posts
  114
  Views

  

  you can add list from DNSBL / DNSBL groups and press ADD, insert that link save and enable it for the regex stuff i found this on redmine https://www.reddit.com/r/pfBlockerNG/comments/d01qod/can_pfblocker_block_urls_by_regex/ez56ta3/ This will be available in the next major release as it will utilize the Unbound python integration. it's 6 months old idk how are things going on about it update here https://www.reddit.com/r/PFSENSE/comments/fj1ks8/migrating_from_pihole_to_pfblockerng/ Will be in the next pfBlockerNG-devel release when pfSense 2.4.5 is released.
• T

  PfBlockerNG whitelisting blocked GeoIP
  • techman2005  

  8
  0
  Votes
  8
  Posts
  117
  Views

  

  @techman2005 I just looked up scan.nextcloud.com and it resolved to 95.217.53.149, so you may need to actually edit the file /var/log/pfblockerng/ip_blocklog and remove the IP. I don't understand why it didn't adjust the data when you added the domain, saved, and reload. You could scroll to the right of that log file to see the list it belong to and try adding the IP to the custom list I think...maybe @BBcan177 can step in.
• N

  Find IP Address being blocked in feeds
  • nuffsai21  

  2
  0
  Votes
  2
  Posts
  161
  Views

  N

  Spent more time reviewing the changes I made. If I am not mistaken the pfB_Top_v4 alias is made by enabling GeoIP blocking (any of the lists there). In my case I enabled Top Spammers list and with action 'deny outbound'. After disabling 'GeoIP Top Spammers' the ubuntu updates began working.
• W

  Advice - Allowing client to bypass pfblocker-ng
  • wesfox  

  12
  0
  Votes
  12
  Posts
  2071
  Views

  T

  Hello All. I would like to ask about the following. I have some IPs bundled in an ALIAS and these IPs should bypass pfBlockerNG. When I unselect these IPs by their dedicated VPN-Interface in "Select Outbound Firewall Interface", these IPs are still get filtered by pfBlocker. Is this the reason for for this because of checking the option for floating rules (Open VPN) in DNSBL firewall rules? Nevertheless, I found wesfox's link for bypassing single IPs. Would this be the right way to bypass pfBlockerNG for some LAN IPs? Thx for your support in advance.
• W

  TLD white list not working
  • wolfsden3  

  21
  0
  Votes
  21
  Posts
  117
  Views

  

  @A-Former-User said in TLD white list not working: @wolfsden3 said in TLD white list not working: Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not. Minimizing DNS queries is my next project although the FW is doing it's job and fairly well I think. I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be. Thanks again. last thing i promise. below i have screenshot and posted my firewall rules: Floating: WAN: LAN: GUESTVLAN: blacked out information is just rules for my openvpn I just got to say I like your firewall arrangement...bravo!
• E

  High number of unbound resolver queries since last clearing
  • eindhovenfinest  

  1
  0
  Votes
  1
  Posts
  51
  Views

  No one has replied