@ronpfs said in pfBlockerNG-devel 3.0.0_10 won't uninstall:

@smoothrunnings What version of pfsense? There was a "fix" to install unbound 1.13.1 Unbound crashes periodically with signal 11

Version 2.5.0-RELEASE (amd64)
built on Tue Feb 16 08:56:29 EST 2021
FreeBSD 12.2-STABLE

Currently system is on the latest version.

@ronpfs a pleasure.

In your example there is a date, the missing data is the year.

Feb 23 17:19:24 pfSense filterlog: 9,,,1000000103,xl0,match,block,in,4,0x0

@gertjan will try 800k

@mhab12 said in No pfBlockerNG alerts after update to 2102:

Perhaps the log file locations are different after update to pfS+/2102?

The file format changed, 2.5.0 is not using clog.

@BBcan177

Well, did a clean reinstall today and - Unbound python mode love is back !
What was it ? No clue, suspect that package updates did not worked well after 2.5.0. upgrade.

Thanks all !

I agree it isn’t a reliable list, it blocked several genuine South Australian government health websites, and at that point I just turned off the list.

@beachbum2021 Often when the count is wrong, it is because you have identical Header/Label names.

I can't tell much without more information on your setup.

@gertjan ok thank you :-)

@gertjan
Is it possible to redirect blacklisted domains to a chose website ? (So, other than the internal 10.10.10.1 from pfblockerNG/pfsense appliance)
Before, I used adguardHome which redirected every BL to a pixelserv-tls website. And it worked well, I'd like to reproduce this setup.

@daddygo Finally found the answer for the issue. There are option available to me.

Disconnect Alexa or

Add device-metrics-???.Amazon.com to DNSBL white list if it’s not already included.

Replace ??? with relevant text

BC97945D-752D-419D-8348-8BF3487051CF.jpeg

Hope it helps anyone out there with a similar issue.

Same problem happens when I type gpioctl 2 0 to disable the leds.
Segmentation fault, core dumped.

@ronpfs said in Unknown User defined feeds:

@token Those URLs were removed from the Feeds tab because they are offline, discontinued, etc.

Click on the Alias/Group name and it will open the appropriate Alias/Group tab. Delete the URL, Save Settings, when done, run a Force Update, that should remove the feed from the db/pfblockerng folder. Inspect the logs, to find more problems.

Thank you!

@wolfsden3 said in New SafeSearch feature borked:

the one that works LOL.

What didn't work (well) using unbound, is that it reads all these files (the ones you listed) : 362 + 111 + 52.207.941 ( !!) + 2421 + 300 + 2272 == thousands of lines to be re parsed at process (re) start.
There are systems that will takes tens of seconds (minutes) to so, and during this time the system goes to 100 %and DNS isn't working.

That's why python mode was used : the python module handles the files, unbound just invokes the python "external' script to do the DNSBL business.

IMHO : the so called "python mode" will be the only one being used in the future. The mode where files are included from the main unbound.conf will be abandoned.
Give it a try ;)

@sweety i am here because I have similar problems. Mine is:

ug(Removed due to SafeSearch conflict)
uk(Removed due to SafeSearch conflict)unicom|university|uno|uol|ups|
uy(Removed due to SafeSearch conflict)
uz(Removed due to SafeSearch conflict)va|vacations|vana|vanguard|
vc(Removed due to SafeSearch conflict)

...so dumb. There's NO CONFLICT! What's that have to do with FireFox's dumb DNS lookup in the browser if it's to be blocked? FFS these browsers are getting aggressive. So my white lists aren't working either as a result of this feature.

TLD Whitelist - Missing data | mailchi.mp | No IP found! |

For you to use your Windows DNS servers you simply need to setup your network like this:

PC's = your windows DNS servers as their DNS servers
Servers = your PFSense as their DNS servers
PFSense = your outside DNS provider like OpenDNS, Google, Quad 9, etc, etc.

It's not terribly difficult.

Good luck!

@ronpfs said in pfBlockerNG-devel v3.0.0_9:

@fireodo I am with Unbound Python mode, so I can't verify the difference in file between mode.

But this may be normal,

Hmmm, if I deactivate the DNS over HTTPS/TLS Blocking the Whitelist is reduced to 3 (in the pfblocker Widget - and also in the pfbdnsblsuppression.txt)

@teamits said in If i use pfBlockerNG will that take first hit before Suricata?:

@cool_corona I reread your post and I understand your point. I guess I don't particularly care "who" is port scanning if they can't get in. I just assume "outside is bad." :) (also I missed that you weren't the OP, from the emailed notification)

As I understand you, uour usage case is that someone scanning 10000 ports would get blocked before they get to the one open port, vs. if there was only one port open the LAN instance of Suricata wouldn't detect that as a port scan. It would trigger only if they sent a packet that would be forwarded by the one open port and blocked by the LAN instance. In that case the LAN instance is double scanning the packets, so I'm not sure there is as much benefit of scanning there? The LAN alerts might still be more useful for finding the LAN IP of outgoing traffic.

Possibly, a way to reduce the double scanning would be to have only rules for port scanning enabled on WAN?

Exactly the way I am doing it :)

@tac57 https://www.reddit.com/r/pfBlockerNG/comments/ldzsh3/can_no_longer_whitelist_ips_bug_or_user_error/

@bbcan177 said in Switched to Python unbound Mode and now have issue:

@gertjan said in Switched to Python unbound Mode and now have issue:

It /var/unbound/pfb_unbound.py, should be there, after a pfBlockerNG-devel 3.0.0_8 install or upgrade. Things go bad without it.

If the OP has Ramdisks enabled, that would wipe the /var/unbound folder and delete the Python script.

The Pkg needs to be re-installed and RamDisk option disabled.

I did not but a reinstall did fix my issue.

@srig Hi! The only domain I whitelisted for the Ikea gateway to work was webhook.logentries.com.
But now I got rid of the Ikea gateway. I hate it when a device will not work when you block all the telemetry and "phone-home" domains.

@gmxpt That's awesome to hear. I've been using it for two years now. I found that I was filtering too much. It was like a nice simple dns request would get to pfBlocker and freak out. So I worked on tuning DNS at a few different levels. I set the pfSense to use OpenDNS. I added the Squid proxy app and it made a big difference. I got rid a lot of duplicates, unnecessary filter rules, and started considering the DNS process as a whole, and took down that roadblock. When I was connected with VPN it got to skip past my configs. I wish I watched the two Packt Pub video modules first.