I cannot wait to see how he is going to do the mass import for IP4 and DNSBL. I hope it’s just a simple text doc you can just upload, just like you would a backup file on the Ublock extension.
Looking forward to it.
I may have to get some more RAM lol, only got 8 gig and I bet doing mass list imports will hit the RAM hard.
Great work, hope it’s coming along well.
I’m having problems with iOS 11.3 BETA. It seems that Safari can’t go to 0.0.0.0 and pages can’t load. Solution was to reinstall package and use the VIP address, as I was using the certificate hack and 0.0.0.0.
I’ve just set this up, and the blocker is indeed very effective!
At the moment I’m using the DNSBL part only but so far it’s impressive.
The only thing missing at the moment is the DNS blocking for IPv6 content, for example on YouTube.
As I understand, this would be a new feature for the upcoming 3.0 release; if so, then I’m eager to try it out.
Thanks for your work on pfBlockerNG and your support, it’s a must-have for pfSense.
I should have posted this in the pfBlockerNG 2.1 topic, that’s the actual version installed on my pfSense box.
Hi, one thing I am noticing with pfBlockerNG is that it may be missing an end-double quote on its shell commands?
No, the quote is used in the grep command to find an exact match starting with the first quotation mark in the line… The 502 error is being worked on… The upcoming release doesn’t seem to be affected by this and will hopefully be released shortly… Stay tuned!
Yes I can browse and ping the VIP (10.10.10.1, the default) (when I browse I see the block page).
Here is an example of how it happens from the user point of view if it helps:
You enter a URL in the browser (Chrome). You see “resolving host…” in the status bar at the bottom; this happens for a minute or so, sometimes faster. Then you get the “This site can’t be reached” error. If you type the URL in the browser again it will then resolve and find the site right away. Sometimes you need to enter it a couple of times to resolve correctly.
@deividuska said in Site Blocking Using pfblocker DNSBL Unblock device:
So what are my options in pfBlockerNG? DNSBL EasyList?
If I follow, you have one device that you do not want ad blocking on. If true, manually set the DNS on that device to the server you want. It will bypass DNSBL.
Run the following command:
grep -A30 "<menu" /conf/config.xml
And check to see if there is an empty <menu></menu> tag… I have seen this with another user, but am not sure if it’s a pfSense bug or a pfBlockerNG bug?
If there is an empty tag, you can edit /conf/config.xml and remove that empty tag. If you do that from pfSense > Edit File, that will reload the config after you press save and hopefully that fixes it.
Not sure where you got the idea that pfblocker would be the correct tool for blocking users from accessing social media, and allowing others.
That would be better done with a proxy and categories…
Sure you can use the pfblocker dnsbl to block domains… But there is no drop down list that says this social media site, that one, this one… Allow X but block Y, etc.
These different sites use many, many IPs, multiple domain names and different CDNs to host their content… Do you have specific block lists already in mind that you’re wanting to use with pfblocker?
@bbcan17 said in DNSBL and PlayStation Vue issue - again:
manually add domain to the Whitelist
I really need hand-holding with this. I get the general concept, but where to “manually add domain to the Whitelist” and then to figure out (for example duappsdap.wshifen.com) and run the ‘drill’ command, is not clear to me.
I hope it will be useful to many users.
I’ve not tried to read a file directly, but since the country aliases were created as URL aliases I copied that to create https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_GeoIPUSv4. Can you try loading via URL? Our Asia alias for instance is https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_Asia_v4 and I’m pretty sure I didn’t create that one.
@securvark said in Firehol level 1 list blocking LAN resources:
I’ve been struggling with level 1 list as well.
Using the Level1 Feed will cause issues with any Outbound Blocking as that Feed contains the Team Cymru Bogons and Private IP address lists… You are better off in just using the Feeds that comprise the Level1 Feed without the Cymru Feed.
Alternatively, use the DEVEL pfBlockerNG “PRI1” Feed which contains a better selection of Feeds.
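The overlap described in the reply above, shown as an added example that is not part of the original posts and is not pfBlockerNG code: a Python check that lists which feed entries overlap RFC 1918 private ranges or your own LAN before the feed is used for outbound blocking. The feed lines and function names are constructed for illustration; the LAN range is the 10.100.0.0/16 example mentioned elsewhere on this page.

```python
import ipaddress

# RFC 1918 private ranges; a feed that bundles bogon/private lists
# will contain these networks or subnets/supernets of them.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_feed(lines):
    """Yield IPv4 networks from feed lines; skip comments, blanks, junk."""
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an IP or CIDR, ignore
        if net.version == 4:
            yield net

def local_overlaps(feed_lines, lan_nets=()):
    """Return (feed_entry, local_net) pairs where a feed entry would
    match traffic to a private range or one of the given LAN networks."""
    watch = PRIVATE_NETS + [ipaddress.ip_network(n) for n in lan_nets]
    return [(str(net), str(local))
            for net in parse_feed(feed_lines)
            for local in watch if net.overlaps(local)]

def without_local(feed_lines, lan_nets=()):
    """Feed entries that do not touch any private or LAN range."""
    bad = {entry for entry, _ in local_overlaps(feed_lines, lan_nets)}
    return [str(n) for n in parse_feed(feed_lines) if str(n) not in bad]

# Constructed sample feed (not real feed content).
SAMPLE_FEED = [
    "# constructed sample",
    "0.0.0.0/8",
    "10.0.0.0/8",
    "192.168.0.0/16",
    "198.51.100.0/24",
    "203.0.113.7",
    "not-an-ip",
]

if __name__ == "__main__":
    for entry, local in local_overlaps(SAMPLE_FEED, ["10.100.0.0/16"]):
        print(f"feed entry {entry} overlaps local range {local}")
```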
@ronpfs said in Alias Native Logging:
@morgion Can you use Adv. Inbound rules and use “Permit Inbound” and let it auto-create the rule which will have the 177 tracker id prefix?
Those rules do work, I have just been trying not to create more aliases, and have more flexibility.
@ronpfs Oh, that is actually not a problem. I changed all the IPs in the config to 10.10.10.x for obfuscation. My LAN/VLANs all use the 10.100.0.0/16 range. So the VIP being on 10.10.10.1 isn’t an issue.
Pre-empting any comments re: why I chose this seemingly “stale” post, the issue covered in this thread remains current and unresolved which makes this the proper place to continue an open conversation.
Moving on, let me ask - what was the outcome on this? Given the feedback provided by more than a few users, it’s pretty clear that there’s either a bug with the Rule Order default setting or a misunderstanding in the user community as to how this setting is supposed to work.
Several users, such as myself, understand this setting to do the following:
Place the pfB rules at the top of the rules list;
Move all other user-rules immediately after the pfB rules with all rule content & ordering left intact.
If this is inaccurate - no worries - but then please clarify this so the users understand what is truly intended by this setting. In terms of a work-around, I have seen numerous suggestions to just use “alias” type actions but that does not clarify what this setting is supposed to do.
PS: This is an incredible package - thank you for taking the time to provide it to us…very much appreciated.