• pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!

    Pinned
    10 Votes
    94 Posts
    92k Views
    GertjanG
    @flepti said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!: my setup too You mean you use pfSense 2.4.5 and "007" pfBlockerNG-devel ? Easy solution : upgrade ?!
  • Firewall Rules Order

    Pinned
    0 Votes
    34 Posts
    24k Views
    V
    so happy to find the explanation relating the tables and lists!! thanks!
  • Bypassing DNSBL for specific IPs

    Pinned
    5 Votes
    114 Posts
    96k Views
    JonathanLeeJ
    @mcury thanks for the reply, I will test this soon and let you know how it works out.
  • Support pfBlockerNG development!

    Pinned
    4 Votes
    5 Posts
    11k Views
    A
    I cannot wait to see how he is going to do the mass import for IP4 and DNSBL, I hope it's just a simple text doc you can just upload just like you would a backup file on Ublock extension. Looking forward to it. I may have to get some more RAM lol, only got 8 gig and I bet doing mass list imports will hit the RAM hard. Great work, hope it's coming along well ;) Great job.
  • PfBlockerNG v2.1 w/TLD

    Pinned
    1 Votes
    124 Posts
    270k Views
    E
    It would be really cool if it could automatically update the blocked TLDs based on the spamhaus statistics (https://www.spamhaus.org/statistics/tlds/) on a regular schedule. I realize that this may be more difficult than it sounds as I can't seem to find a spamhaus TLD feed, just a website. But if we don't dream then it will never happen!
  • PfBlockerNG v2.0 w/DNSBL

    Pinned
    2 Votes
    1k Posts
    2m Views
    RonpfSR
    @ck42 The entry is related to Firewall / pfBlockerNG/ DNSBL / DNSBL Category Blacklist.
  • PfBlockerNG

    Pinned
    2 Votes
    1k Posts
    2m Views
    K
    @breeoge said in PfBlockerNG: @belt9: I wanted to chime in here as I just updated from a month old RC to 2.4.0-RELEASE last night and ran into this problem today. I haven't read through all of the many pages of the many threads that seem related to this issue (show how popular pfBNG is!), so maybe this has already been covered. But I've seen several people state that this doesn't happen on ZFS - I have a raidz2 ZFS install, and this happened to me, just throwing that out there. That is good to know. Thank you for the report.  BBcan177 is currently updating it to use SQLlite and this should fix any issues in the future.  In the other thread there is a temp fix posted.. https://create.vista.com/colors/palettes/ Thank you BreeOge Hello my friend. Many thanks to Bbcan177 for keeping the report up to date. as a result of this, in principle, the given problems are corrected.
  • TOP1M Database downloading ( approx 21MB ) ... Please wait ...error!

    0 Votes
    3 Posts
    1k Views
    A
    @tinfoilmatt I don't understand, where and what to add?
  • Difference between reply type cache and reply?

    0 Votes
    1 Posts
    279 Views
    No one has replied
  • pfb_filter and pfb_dnsbl services are not running Pfsense 25.07.1

    0 Votes
    13 Posts
    5k Views
    N
    @jrey those pfb_*.sh files are the executables Thanks for clarifying the executables. I do not think that the hardware and table entry size won't be a problem as the current configuration provides sufficient computation and memory for its operations. pfSense is running in different hardware, e.g., Intel Xeon Platinum 8272CL processor and maximum table entries is set to 10 times than the default. pfSense Table Stats ------------------- table-entries hard limit 4000000 Table Usage Count 465931
  • sites take forever to load (due to blocked domains)

    0 Votes
    6 Posts
    2k Views
    johnpozJ
    @High_Voltage I don't think there is anything to do.. Pretty sure those are the defaults.. When you query pihole for something that is blocked.. By default it returns some sort of answer - I am not aware of a setting that would wait for a timeout. [image: 1757768975895-blockmode.jpg] So I really have no idea what he would have been doing. If something is blocked in pfblocker you would either get back the vip (so you could see a block page) or you would get all zeros. Same goes for pihole - I am not aware of a setting that would just time out and not send an answer if you asked for something that was blocked. The only reason pihole would time out on sending you a response is what you were asking for actually just never responded to pihole. If some fqdn you were asking for was being blocked you would get the answer almost instantly. If pihole was forwarding to unbound which I believe is a common sort of setup for stuff that is not blocked. Again if pfblocker was blocking it, you for sure should get a response right away of either the vip or all zeros. It's possible maybe pihole doing rebind protection, and pfblocker handing back the rfc1918 of your vip maybe causes pihole some sort of hangup, but normally when that happens it just returns a null to the client since it got an answer, it's just not supposed to hand it back to the client.. But again no time out. Only time I could see a timeout issue is when unbound didn't answer the pihole, again if something unbound doesn't get an answer from how it's resolving/forwarding. Maybe he was sending back nodata, and the client didn't take that as an answer and kept asking for the same thing until it gave up?
  • New pfblockerNG install Database Sanity check Failed

    0 Votes
    43 Posts
    8k Views
    M
    Same issue on 25.07.1 pfBlockerNG-devel 3.2.7 Database Sanity check [ FAILED ] ** These two counts should match! ** ------------ Masterfile Count [ 26379 ] Deny folder Count [ 26378 ]
  • Less cache hits report since update of pfsense

    0 Votes
    4 Posts
    321 Views
    johnpozJ
    @marchand.guy you understand that an update would have cleared the cache - so for sure the numbers would be lower after this. Wait a few days to let your normal browsing habits stabilize.
  • 0 Votes
    28 Posts
    4k Views
    V
    @Gertjan Thanks for your reply – that’s also my impression. The point is: I don’t really see any lists right now that are actually “maintained” in the sense of being actively cleaned up, checked for dead domains, categorized, etc. That’s why my main interest is more about the demand: Would curated lists really be a game changer for admins? Would they be more helpful than what’s available today, or are most people already using other alternatives? If so, which ones? And from your perspective, what would be your expectation towards “community lists”? (e.g. reliability, update frequency, categories, fewer false positives?)
  • DNSBL and IPv6

    0 Votes
    2 Posts
    4k Views
    tinfoilmattT
    @BiloxiGeek said in DNSBL and IPv6: Does it just follow the IPv4 address that is listed above that? In my case it would end up being ::10.0.0.86 Yes. In this specific context that's the notation being used. (Full IPv6 web server address, for reference then, would be: http://[0000:0000:0000:0000:0010:0000:0000:0086]) Nota bene: I use 0.0.0.0 which renders the DNSBL webserver useless and inaccessible, but otherwise returns 0.0.0.0 or ::/NOERROR answers to all blocked lookups.
  • PFBlockerNG Python-Mode - Source-IP in Reports

    0 Votes
    21 Posts
    1k Views
    S
    @mOrbo O.k. I see. Under such circumstances I would also stay on the internal DNS. Well just give it a try with @BBcan177 said in PFBlockerNG Python-Mode - Source-IP in Reports: For Python mode, when you use an internal dns server, you can either null block or check the option "DNSBL Event Logging", which will provide a workaround for this issue. So as far as I remember, it did not work with Python mode and DNSBL Null block (logging). But I surely did not test it with checking "DNSBL Event Logging" and DNSBL Webserver / VIP.
  • pfBlockerNG syslog logentries to remote SIEM

    1 Votes
    5 Posts
    1k Views
    keyserK
    @jrey Would you mind sharing a bit about that setup? I understand your reluctance to promise anything if you are looking into pfblockerNG package maintenance.
  • pfBlockerNG Frustrations

    0 Votes
    2 Posts
    1k Views
    patient0P
    @Arowe95 How have you set up pfBlockerNG? For me if I do a basic setup using the Wizard the Steve Black Hosts list is already included. That would explain the duplicates :). Check Firewall / pfBlockerNG / DNSBL / DNSBL Groups, ADs_Basic. Click edit for that group and it contains one list, Steve Black Hosts.
  • PfBlockerNG deduplication is out of sync a lot

    0 Votes
    4 Posts
    3k Views
    J
    @LowKnee Just out of curiosity, are you referring to the Database Sanity Check reporting that "these two counts should match"? If the count is off by 1 (which I suspect is your case) there was a fix (manual code change) to change masterfile to mastercat in pfblockerng.sh. If you want to change this, change the line from s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})" to s1="$(grep -cv ^${ip_placeholder2}$ ${mastercat})" There is also an edge case if the count is greater than one, here is how that goes: if in the deny directory you have say two files (because of the list / file selection you have) and they have repeat addresses, file 1 has say 100 lines, file 2 has say 10 lines (but those 10 lines are also in file 1, file 2 is a subset), you get two uniquely named deny files, and then when the "count" is calculated on the deny directory it sees 110 entries; when the "count:" is calculated on the "mastercat" file it only contains 100 entries. The count doesn't match. In my case the issue was caused by a full list I had selected, also having an available subset list (I had inadvertently selected one of), thus causing two deny files with some of the same (overlapping) data. I unselected the subset and bingo, matched again, was a "my bad" selection. Edit: this applied to 25.07 (and 25.07.1) and pfblockerng 3.2.7 as it is labelled on those versions of pfSense
  • Failed or invalid Mime Type: [application/SIMH-tape-data|0] (solved)

    1 Votes
    3 Posts
    1k Views
    fireodoF
    @tinfoilmatt said in Failed or invalid Mime Type: [application/SIMH-tape-data|0]: (ASN data is IPinfo, not Maxmind) That's correct but "GeoLite2-Country" is from Maxmind ... (that confused me) I'm considering simply adding "application/SIMH-tape-data" to the list to test. That's what I thought too ... I'll try when I have the time for it ... Edit: I can confirm - adding "application/SIMH-tape-data" to the list at line 257 in /usr/local/pkg/pfblockerng/pfblockerng.inc did the trick - no more error! Edit: OK, problem resolved but I would like to know, what's the cause for that error! (SIMH-tape-data sounds like a "blast from the past" ...) Thanks a lot!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.