@urbanovits Create an alias using the GeoIP then use that alias on an outbound rule on the lan interface and allow the required ports.

I do this to only allow SSH / SFTP from the UK to the host in my DMZ and I switche the rules on when required:-

Screenshot 2022-08-18 at 12.32.05.png
Screenshot 2022-08-18 at 12.36.09.png

@gertjan said in RAM usage high:

@creationguy
Even if you had the RAM space so you could use xx zillion size DNS lists, you still do not want to do this. Other problems will pop up.
Python is already much faster as when tpfBlockerng-devel reloads unbound, but, still loading every host name in a xx xxx xxxx size file will take time. Time needed for every domain name lookup.

Some times is just easier to not to deal deal with the lists : I'll propose, for once, an external resolver like OpenDNS. Get an account with them, and activate the options you want, and have them deal with it.

And even that will no be a permanent solution. The porn lovers on your LAN will figure out that XyXyXVPN can help them, and you won't be able to see anything any more.

The best solution would be : don't give porn lovers access to your network ;)

And also : as long as it is porn, it isn't guns, knives, cocaine, human trade etc.

The block is for the kids, I don't want them to stumble across anything. While we are activley involved in teaching what is OK to look at and what isn't, accidents happen. We do have search engine safe mode forced as well.

I have considered having a VLAN set up for their devices and forcing a family safe DNS.

Update:

(^|\.)domain\.com$

Blocks the domain and subdomain... I just didn't clear my DNS cache on device. So far, it is working.

Its been 2 days and no error messages..looks like we are in the clear. (fingers crossed). Thank you.

@bmeeks I installed the regular version. I'll uninstall and try out the development version, thank you.

@wc2l Status/System Logs/Settings

Never mind, though I haven't resolved this specific issue, I realized I don't really need to set the gateway for the problem I'm trying to solve.

I tried to delete the post but It wasn't letting me.

@serouja sorry it's working fine now, I just have to reconnect to the AP.

@steveits thats what it is. It was the OISD feed. Once removed the error went away and I now see my custom list being used as well solving another issue i posted.
This feels like a bug as the memory was never reaching close to 4GB (4100 Max). There should still be plenty of memory available for the OISD feed.
@BBcan177 can chime in if he has free cycles.

Thanks for pointing me in the right direction.

@stephenw10 said in pfBlockerNG - unbound-control process spikes CPU to 100% every few seconds [SOLVED]:

So just the list containing a bunch of obsolete domains?

Not sure how many domains in that list are obsolete, and if that was the issue, however, what led me to actually remove the list is the fact that there are tons of legit domains in that list that pfBlocker was blocking. If you check the list, you will see asus.com and sony.com in there. And there is absolutely no reason to blacklist those sites. They are legit.

Then I thought this was actually a whitelist that i was using as blacklist, but then you find all those porn sites in there and tons of other entries that are present in legit block lists. Its a mess.

I just removed it and it all works.

@deanfourie
How do you know pfblockerng is blocking your VPN? Screenshot your log showing the block.

@deanfourie said in Microsoft hostname resolving to pfBlocker virtual IP?:

Any idea how this could be?

You have it blocked in pfblocker..

its not blocked here

;; QUESTION SECTION: ;v10.events.data.microsoft.com. IN A ;; ANSWER SECTION: v10.events.data.microsoft.com. 3600 IN CNAME global.asimov.events.data.trafficmanager.net. global.asimov.events.data.trafficmanager.net. 3600 IN CNAME onedscolprdwus11.westus.cloudapp.azure.com. onedscolprdwus11.westus.cloudapp.azure.com. 3600 IN A 20.189.173.12

@anna-count It's probably expected.
I guess the question would be "Why would you want to block a point to point?" but that's just a guess.
I use /31's for my VPN connections so pfSense does work with them but pfBlocker probably does not.
Just a guess though.

@justme2 Here is the answer as Gertjan said:

"A ping to 127.0.0.1 should always work. Consider a non working 127.0.0.1 as a massive failure."

@gertjan Thanks again. Since I dont have 2.6 running but am interested once the problems I have are resolved allow me to ask whether with 2.6 it will find the ASN number (as 2.5.2 did) as I type in the domain name. Or do I have to go and find the ASN number first. Parry

@patrick999 said in GeoIP not working? Where is rule?:

I set it to deny inbound for every region except North America

It should take less resources to do it the other way, allow North America. I usually use Alias Native and then can use it in my own rules, such as the Source on a NAT rule.

@bferr02 There will be more to come…

@provels It depends on whether one leaves the tab open as I do and how often one post to the site. If one goes to more when logged into account Settings and privacy > Ads preference > Interest, you could see thousands of interest Twitter Algorithm selected base on one's interaction with each tweet. I even selected that I don't want to see ads. So, there is a browser container add on from Github to prevent cookie snooping.

@viragomann said in Email reports?:

@pyrodex said in Email reports?:

I've looked at the the wonderful pfB reports for dnsbl but not sure how we can obtain the same data to be emailed out on a daily basis.

pfBlocker might write this into log files. You can use the mailreport package to send the log to you.
mailreport also lets you apply a filter to the file, so you can limit the lines to the actual date or to specific errors or whatever you want.

I tried this with the dnsbl.log and switched off VIP mode to NULL (0.0.0.0) which logs it into the file. However, I am seeing LARGE discrepancies between what the report shows for a 24 hour period vs what the log shows when I parse it. I even wrote a simple script to give me some data from the log and in fact do use the email reporting tool for that output but once again huge differences.

Just deleted the py.error.log and it went away.

On 2.5.2 still and havent upgraded yet. PFB 3.1.0_1

Redmine ticket logged through support channel: https://redmine.pfsense.org/issues/13209?next_issue_id=13207&prev_issue_id=13210

Nice....also explained why the "packets" count wasn't updating too....now that limit is up, all is well.