@BBcan177 As per https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/54 (and https://redmine.pfsense.org/issues/14189) the account ID doesn't sync to the HA backup without adding the one line fix "pfblockerng_sync_on_changes();" to pfblockerng.php (and waiting for cron to run).

@ncm-com said in pfBlockerNG / pfBlockerNG-devel v3.2.0_3 - pfSense 2.6 Only:

@steveits so if I deny all locations on GeoIP and allow one country on IPv4 it will overrule? let's say I need to add only a few countries to the allowed list.

On the Geo page use Alias Native and it will create an alias. You can then create your own rules in the order you wish.

@teranom

Euh, lol ?

See the pfBlockerng forum, where you nposted, and look at the very first non pinned post called pfBlockerNG 3.2.0_4 !

Its out for several days now.

@gertjan
I have figured it out now.
I was running the reload command and not the cron command.
When i run the cron command it updates the list in the firewall.
And you are right I shouldn't spam other list. A workround for now is that i make my own custom list that contains the IP addresses from the other list and update the backend list once a day.
Thanks for the help

@flepti said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!:

my setup too

You mean you use pfSense 2.4.5 and "007" fBlockerNG-devel ?
Easy solution : upgrade ?!

so happy to find the explanation relating the tables and lists!! thanks!

@gertjan

Just following up on this -- (Thanks for your help!)

The Python Group Policy action works for whitelisting any clients, per host address e.g. 192.168.1.100 that we do not want DNSBL to filter.

However I have another problem, sort of in the same neighborhood.

I am using GeoIP as well using a domain name white list alias (domain a/s lookup enabled) that I created called "domain_whitelist_v4"

This is the alias URL in the fw:

https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_domain_whitelist_v4

I'm trying to use the same GeoIP alias file " domain_whitelist_v4" in a DNSBL Group Feed source definition to not take action/block on.

The URL I set of the DNSBL group feed source definition is https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_domain_whitelist_v4.txt

I have the action set to "Disabled" instead of Unbound.

I figure that If I update the GeoIP alias "domain_whitelist_v4" section, that I do not have to then also update the DNSBL Whitelist section too since their (DNSBL & GeoIP) are both referencing the same domain name list (domain_whitelist_v4). Instead I have to update in 2 places for domain reachability sometimes depending if its also being blocked via GeoIP

Ideally, I don't want to remove all filtering for some clients, but instead I'd like to update one alias file that covers both DNSBL (permit) and GeoIP (permit)

I can not wait to see how he is going to do the mass import for IP4 and DNSBL, I hope its just a simple text doc you can just upload just like you would a backup file on Ublock extension.
Looking forward to it.

I may have to get some more Ram lol only got 8 gig and I bet doing mass list imports will hit the Ram hard.

Great work hope it's coming along well ;)

Great job.

It would be really cool if it could automatically update the blocked TLDs based on the spamhaus statistics (https://www.spamhaus.org/statistics/tlds/) on a regular schedule. I realize that this may be more difficult than it sounds as I cant seem to find a spamhaus TLD feed, just a website. But if we dont dream then it will never happen!

@ck42 The entry is related to Firewall / pfBlockerNG/ DNSBL / DNSBL Category Blacklist.

@breeoge said in PfBlockerNG:

@belt9:

I wanted to chime in here as I just updated from a month old RC to 2.4.0-RELEASE last night and ran into this problem today.

I haven't read through all of the many pages of the many threads that seem related to this issue (show how popular pfBNG is!), so maybe this has already been covered.

But I've seen several people state that this doesn't happen on ZFS - I have a raidz2 ZFS install, and this happened to me, just throwing that out there.

That is good to know. Thank you for the report.  BBcan177 is currently updating it to use SQLlite and this should fix any issues in the future.  In the other thread there is a temp fix posted..

https://create.vista.com/colors/palettes/

Thank you
BreeOge

Hello my friend. Many thanks to Bbcan177 for keeping the report up to date. as a result of this, in principle, the given problems are corrected.