@antgalla We tried blocking YouTube for my son via ASN but could not get it to consistently block. We ended up using a View in unbound. To block for everyone you could set a domain override to nowhere. Remember to block DoH/DoT to force devices to use pfSense for DNS.

@The-Party-of-Hell-No Well, this seemed to work! After the update, the error did not come back.

What is the best OISD list to use as of right now on the latest non-deval build?

@johnpoz

Same here.
With out of the box pfSense resolver settings I can access it just fine.
It's even native IPv6.
DNSSEC : the entire DNSSEC chain is a indeed a mess, somewhat a proof that the site is legit : only a real 'gov' site can make such a mess out of it 😊

@eric45 said in IPv4 update frequency:

pfsense version: 2.4.4-RELEASE-p2
pfBlockerNG version: 2.1.4_16

Hi,

I've noticed that any IPv4 lists that I have with an update frequency set in hours (ie: hourly, 2, 3, 4, 6, 8, 12) always update every 1 hour (assuming the time-stamp has changed) instead of the actual hourly setting. Lists set to update daily or weekly update exactly when they should.

The 'General settings / CRON Settings' is set for 'Every hour'.

I'm running pfsense with pfBlockerNG on a dedicated hardware box. I've also tried this in a VirtualBox VM with the same issue.

Have I missed a setting somewhere?

Thanks in advance

Eric

This is happening with me on 3.2.0_8 version...

@BBcan177 any idea? thank you!

@pftdm007

On what interfaces (WAN LAN Floating etc) did you place what rules ?

It has activated DNSLB, and reloaded after install and updated. In the CE version is there.

Yes, 1 Click. So we have a goog / perfect Solution. THX

@SteveITS said in Using the same whitelist in pfB and Snort:

I'm not aware of hosts in Suricata_Trusted_Hosts being blocked so I assume it's working anyway...?

That's the bottom line. If the hosts you do not want to get blocked are not getting blocked, then all is good.

I don't recall specifically testing with nested aliases back when I wrote the new alias functionality into the custom blocking plugin. I was mainly going after FQDNs (fully qualified domain names) at the time.

But the plugin is not digging into the alias to resolve it. It simply looks in the same pf tables that are listed under DIAGNOSTICS > TABLES. If the alias is there and is populated, then the plugin can test for IP addresses in the alias. If the alias is not listed under DIAGNOSTICS > TABLES, then Suricata is not using it even though it may show up in the View List dialog when viewing a Pass List.

I built a sort of fail-safe error handling feature into the custom code so that it will silently ignore an alias that is not found during run time. The operating assumption there is the admin might have removed the alias and I didn't want the running Suricata process to abort if that happened.

There may be more to this than PFBLOCKERING/PFSENSE. Remember that browsers offer the ability to use DNS over HTTPS. Basically Firefox, Chrome, Edge... can use HTTPS to forward DNS requests straight out to the internet, not leaving it to your router to do. It's encrypted as well on port 443 so your router can't stop it. You have to go into the settings of the browsers you use and turn it off.
Your DHCP settings can also be providing an internet DNS server IP to your computer's network settings so make sure that DHCP is providing your PFSense IP or the IP of your internal DNS server if you have one other than PFSense. I do, and have my DNS server forward to my PFSense box, which then takes over.
In either of these cases, If DNS queries are direct from the browser to the internet, or to an internet DNS IP provided to the desktop via DHCP, PFSense/PFBlocker is 'out of the loop' at that point.