pfBlockerNG

• N

  Bypassing DNSBL for specific IPs
  • Ns8h  

  13
  1
  Votes
  13
  Posts
  4394
  Views

  H

  @yeleek Please note, if you do an update, disable and re-enable DNSBL that line will be modified again back to the standard entry. You will need to check each time and remove any leading "server:" to ensure your expected behavior works as expected. Just an FYI as it caught me out and is now part of my standard checks following any modifications to the configuration of my pfSense @ kevinmitky I am doing exactly what you described. I have my dnsbl view as the subnets and am specifying specific hosts on those subnets to bypass. These are Roku's devices that had news feeds that used block sites and I made a choice to allow it access for the convenience. Ensuring the host specific acl was before the subnet based ones was something I just do based on my background, but if you don't have it in that order, maybe that's an area to check. That and having to clear any host DNS caches made this a little more time consuming to test if I screwed up the config on pfSense :-)
• 

  Support pfBlockerNG development!
  • ivor  

  3
  2
  Votes
  3
  Posts
  3326
  Views

  A

  I can not wait to see how he is going to do the mass import for IP4 and DNSBL, I hope its just a simple text doc you can just upload just like you would a backup file on Ublock extension. Looking forward to it. I may have to get some more Ram lol only got 8 gig and I bet doing mass list imports will hit the Ram hard. Great work hope it's coming along well ;) Great job.
• K

  Thanks BBCAN177 !
  • Koent  

  5
  0
  Votes
  5
  Posts
  2589
  Views

  S

  As pointed out to me in another post. https://forum.pfsense.org/index.php?topic=139634.0
• 

  PfBlockerNG v2.1 w/TLD
  • BBcan177  

  122
  0
  Votes
  122
  Posts
  53163
  Views

  H

  I'm having problems with iOS 11.3 BETA. It seems that safari can't go to 0.0.0.0 and pages can't load. Solution was to reinstall package and use the VIP address, as I was using the certificate hack and 0.0.0.0.
• 

  PfBlockerNG v2.0 w/DNSBL
  • BBcan177  

  1070
  0
  Votes
  1070
  Posts
  454985
  Views

  M

  @anttechs said in PfBlockerNG v2.0 w/DNSBL: Many thanks ;) You're welcome I disabled TLD because I had .com and most of the others in there Yeap, that would be it! Cheers
• W

  PfBlockerNG
  • wbennett77  

  1189
  0
  Votes
  1189
  Posts
  421894
  Views

  

  @BrettC: Hi, one thing i am noticing with pfBlockerNG is that it may be missing an end-double quote on its shell commands? No the quote is used in the grep command to find an exact match starting with the first quotation mark in the line…  The 502 error is being worked on...  The upcoming release doesn't seem to be affected by this and will hopefully be released shortly... Stay tuned!
• A

  Im doing it all wrong lol configuration must be wrong!
  • anttechs  

  1
  0
  Votes
  1
  Posts
  8
  Views

  No one has replied

• R

  DNSBL modify default bloked webpage
  • rjabellax5  

  42
  0
  Votes
  42
  Posts
  3336
  Views

  A

  @concord @BBcan177 I modified /usr/local/pkg/pfblockerng/pfblockerng.inc by replacing line 1087 likes this: 'target' => "{$pfb['dnsbl_vip']}", Now the NAT rules always have vip as target ip and issue is solved. However, I think 127.0.0.1 should work. May be issue is with latest release of pfSense itself?
• 

  How define schedule time for DNSBL ?
  • reza3sw  

  8
  0
  Votes
  8
  Posts
  115
  Views

  

  I found one solution for schedule time "pfb_dnsbl" In this solution you can define multi Cronjob for this action You can define Cron job for change name e.g : "pfb_dnsbl.conf" And create another cron job for stop service "pfb_dnsbl" And create another cron job for restart "unbound" at your preferred time It is very easy and practical Also you can change those jobs to default at your preferred time
• 

  pfBlockerNG-devel v2.2.5_22
  • BBcan177  

  5
  1
  Votes
  5
  Posts
  291
  Views

  N

  Installed just now. No problems so far. Thanks for all the awesome work you do BBcan177!
• M

  Blocking Yahoo and Tumblr with PfblockerNG-Devl
  • mushtash  

  8
  0
  Votes
  8
  Posts
  192
  Views

  C

  I'm happy to assist, mushtash, though you're right, I'm currently running the prod version: 2.1.4_16 Anyone else here using the dev version who might know the answer to this question?
• T

  Customer Support Chat Window on Verizon.com
  • thezfunk  

  1
  0
  Votes
  1
  Posts
  39
  Views

  No one has replied

• B

  swap_pager_getswapspace(): failed
  • bokikay  

  2
  0
  Votes
  2
  Posts
  53
  Views

  F

  Might be worth reviewing the responses to my earlier post here in which the circumstances were possibly similar ...
• F

  pfsense unresponsive (resolved)
  • farrina  

  17
  0
  Votes
  17
  Posts
  468
  Views

  F

  Just a quick follow up to my post to advise that my "problem" has not reoccurred since taking RonpfS advice to reduce the number of entries in my pfblockerNG block files. Once again my thanks to all who took the trouble to respond. Cheers
• F

  pfblockerng/dnsbl.log timestamp resolution?
  • fabrizior  

  1
  0
  Votes
  1
  Posts
  24
  Views

  No one has replied

• M

  No Internet connection on LAN interfaces after reboot
  • moregeld  

  5
  0
  Votes
  5
  Posts
  52
  Views

  M

  @bbcan177 said in No Internet connection on LAN interfaces after reboot: pfSense Resolver Log Level Wheres that under mate ?
• P

  pfBlockerng very slow at DNS
  • pooperman  

  9
  0
  Votes
  9
  Posts
  328
  Views

  C

  Definitely inspect the content--you will probably find a URL which is not blocked being used there. Sometimes you may be getting ads from a subdomain, so you may need to check the "Enable TLD" to attempt to deal with these subdomains. Also, so sites host ads locally, but that is less common. A content inspection should tell you.
• N

  159.89.13.0 is converted to 159.89.13.0/24 !?
  • neti  

  4
  0
  Votes
  4
  Posts
  125
  Views

  S

  We experienced the same behaviour with the blocklist from AlientVault and EmergingThreats: https://reputation.alienvault.com/reputation.generic https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt e.g. the AlientVault List contains the IP 97.83.55.0 and the IP 97.83.55.76 is blocked. Reputation is disabled. De-Duplication and CIDR Aggregation is enabled.
• M

  Pfblocker VIP redirection not working for some domains
  • Moon_D  

  1
  0
  Votes
  1
  Posts
  69
  Views

  No one has replied

• 

  pfBlockerNG setting IPv6 AS blocks as IPv4
  • Dyspareunia  

  3
  0
  Votes
  3
  Posts
  113
  Views

  

  Thanks! Looks like the devel build does solve this issue.
• D

  dnsbl PHP reset every minute
  • DirkO  

  5
  0
  Votes
  5
  Posts
  95
  Views

  D

  @ronpfs said in dnsbl PHP reset every minute: I don't use Service_Watchdog, so why do you ? I do because this little pfsense box sometimes gets overwhelmed and then snort crashes, so this will kick it back online, also it will email me when services are down
• L

  pfBlockerNG firewall rules and exception
  • lucas1  

  5
  0
  Votes
  5
  Posts
  161
  Views

  L

  Thanks, with disable the IPv4 table and remove the associated Auto FW rule understandably. For will prevent Selected IPs from being blocked associated Auto FW just enough these IPs add in pfBlockerNGSuppress alias at Suppression = Enabled and all?
• W

  pfsense keeps blocking Cloudflare sever IP range
  • Wepee  

  8
  0
  Votes
  8
  Posts
  358
  Views

  S

  In PfblockerNG --> General there is the Option Rule order. I think you should define a custom ip list (under ipv4 section) with action "pass" and than define the rule order so pass come before block/reject.
• 

  Blocked Site Report
  • ToTalChaos1010  

  4
  0
  Votes
  4
  Posts
  184
  Views

  

  @totalchaos1010 said in Blocked Site Report: @ronpfs Thanks for the response. Have the alerts tab, yes, however I am looking for "total count" reports, not log format. What total count ? Total number of entries per URL ? You should be able to find that in pfblockerng.log. You could also use pfblockerng-devel that has a Reports tab with more statistics about the package.
• M

  How to encode a gif file to replace the base_64 image.
  • Moon_D  

  4
  0
  Votes
  4
  Posts
  133
  Views

  

  I downloaded the 1x1 Gif, uploaded the file in the Encode files into Base64 format section, select UTF8, hit >Encode<, I got the same result as the one in the index file.
• G

  pfBlockerNG logs
  • gotanbl  

  4
  0
  Votes
  4
  Posts
  166
  Views

  G

  Thanks BBcan177!
• S

  Pfblocker (DNSBL) and android amazon app (android web viewer) issue "SOLVED"
  • scorpious  

  14
  0
  Votes
  14
  Posts
  7641
  Views

  A

  Not sure if this is still an ongoing issue, but posting incase someone else finds this thread with the same question. Adding this fixed the app for me. No more "Something has gone wrong messages". If any other issues come up, I will update this post. DNSBL Whitelist .aan.amazon.com
• F

  Frequent pfBlockerNG GeoIP Alerts?
  • fernis  

  8
  0
  Votes
  8
  Posts
  229
  Views

  

  @fernis IP Tab Edit the Alias name Modify the "Action" setting. Click on the blue infoblock icons for additional details.
• M

  Pfsense / Pfblocker Directory
  • Moon_D  

  2
  0
  Votes
  2
  Posts
  115
  Views

  

  @moon_d What do you mean by "directory"?
• 

  pfblocker not working for every site in a list
  • randombits  

  3
  0
  Votes
  3
  Posts
  152
  Views

  

  One is https - with the cert error, but nslookup shows everything is working ok - thanks. I was thinking Chrome was looking at it's list first before it gets to PFB. I don't have anything in the IPv4 list. How your can tell the difference between lists and feeds come to that ? - I guess one has site domains and the other IP's ...
• A

  How to block an ip range from any company.
  • anttechs  

  8
  0
  Votes
  8
  Posts
  282
  Views

  C

  yeah, those are single addresses. You will need ranges, using CIDR notation, like 10.10.0.0/24, or simply a dash, like "1.1.1.1-2.2.2.2". Be careful with these, as it is easy to block too much if you don't know what you are doing, and really mess things up. As long as you don't block your access to the firewall, you can do a little trial and error if needed, though. Facebook has so many IPs though, it's not even funny. They also use datacenters which other companies use, so in an attempt to block Facebook, you may be killing off hundreds of other websites and services running from the same datacenter, or another similar connection. Entire governments are struggling to block services like Facebook, so it's probably not going to be all that easy. This is still something good to learn, but would you be better off just using something like pfBlockerNG's DNSBL? With that, you can just specify that "Facebook.com" should be redirected to a dummy internal server, thus preventing access. For this to work, you do need to have your own DNS server, but pfSense makes that easy.
• 

  Working Blocking with fast CLOUDFLARE DNS - incl Torguard VPN
  • ressurex  

  3
  0
  Votes
  3
  Posts
  194
  Views

  

  i already done this.. Torguard has 4 DNS servers, and the fastest two i used is in france. since im from scandinavia, using cloudflare DNS servers from the same city i live in makes the response timings go from above 40ms to under 20 ms.. avarage 14 ms.. this makes my browsing much less inpatient
• J

  pfBlockerNG specific port access...
  • Jhendo6  

  5
  0
  Votes
  5
  Posts
  200
  Views

  

  @jhendo6 You can always use "Alias Type" rules and then manually create the firewall rules to suit your needs... Refer to the blue infoblock icon for the "Action" icons.
• 

  Facebook blocked but don't receive the icon or message?
  • periko  

  1
  0
  Votes
  1
  Posts
  94
  Views

  No one has replied

• S

  DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953
  • SnowmanUT  

  29
  0
  Votes
  29
  Posts
  600
  Views

  S

  @BBcan177 fixed my issue which was unrelated to pfblocker. Somehow my Pfsense became corrupted related to the unbound_control.key and unbound_server.pem. He got it to generate new ones that fixed unbound which in turn got Pfblocker working. We are not sure why it happened but he is reporting issues to them. Owe him for sure, great guy.
• C

  DNSBL not activating
  • CyberMinion  

  13
  0
  Votes
  13
  Posts
  336
  Views

  

  If you inspect the pfblockerng.log it has been saying that for every Cron update or Force Reload DNSBL since you enable TLD. To track memory usage, use Status Monitoring , System Memory
• A

  pfBlockerNG-devel 2.2.5_21 / Ad Blocking advice
  • adamdbuk  

  3
  0
  Votes
  3
  Posts
  346
  Views

  C

  I've been using some Pi_Hole blacklists too, which you could try: http://sysctl.org/cameleon/hosts (Cameleon ads) https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist (Zeustracker Ads) https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt (Disconnect Me Trackers) https://hosts-file.net/ad_servers.txt (Hosts File Ads) https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (Steven Blacklist) You could also try adding the (slightly outdated?) BlueTack ad server IP list to your firewall. Just make an alias, clean up the list, and import it. https://www.iblocklist.com/list?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=7z Note that it is a pretty big list, so one you import it, expect it to take a little while if you ever want to go back in and view/edit it. For me, it takes almost 5 minutes to load that alias edit page. I hope this helps!
• P

  pfBlockerNG v2.1.4_16 pfB_Top_v4 block count = 0?
  • penicheiro  

  2
  0
  Votes
  2
  Posts
  116
  Views

  P

  OK Fixed the error on block count =0 It turns out table usage counts were greater than Table Entries Hard Limit. Hard limit was defaulted to 400000, and lists were slightly greater than that. Increased to 600000, and seems we are ok now.
• 

  (Solved)Difference between blocked answer?
  • periko  

  2
  0
  Votes
  2
  Posts
  129
  Views

  

  DNSBL http server return different response to the browser depending on what is in the URL : 1x1gif for picture, Javascript or the Blocked page when there is only the domain name in the URL : http://example.com/
• 

  (solved)dnsbl feeds position matters?
  • periko  

  5
  0
  Votes
  5
  Posts
  165
  Views

  

  @ronpfs, thanks for pointing this detail.