@steveits said in Any pfBlocker issues with Upgrade from 2.4.5 to 2.5.x?:

Netgate recommends removing packages

I like to add :
When all packages are removed, reassure that basic firewall operations are good. Add a 24 hours cool down and one or two reboots are also advisable. Issues that are present before an upgrade will pop up, and have to be dealt with before the upgrade.

@ronpfs
I missed that, thanks. I suppose then this should be confirmed by whomever reports that it's not working.

I can't get mine to even turn on -- power it on - red lights come on and about 30 seconds later it shuts down..... I have had this for about 2 or 3 years. Came home and found it off - can't get it to boot - just stays red. Trying to get someone to help also.... at least your farther along than I am. Sorry, will be watching to see if you get some assistance.

Hi
I am running Community edition 2.5.2 Release
PfblockerNG 3.0.0_16
I have the same issue running unbound python mode.
The DNSBL counters in the widget increment OK (25,110) but I have 0 entries in the IP section even though the logs are incrementing fine and Alerts are showing OK in the pfblockerNG alerts TAB..
Thks

@johnpoz said in Deny all except a country:

will then see it normal pfse

Thanks you very much, it is very clear and there are not post that explain it as well

I will keep an eye out for it - maybe you have some app trying to use it?

Just took a look at my log for dot.. Only my shield TV is hitting it now and then.. Seems to try once an hour ;)

dot.png

And good thing is - its trying it to the dns I have set it to use.

When Disabling TLD Wildcard , Clients can successfully resolve websites and access pages but , I loose many of the subdomain blocking that worked before

Cron tasks also finish with any 'non responding' , with TLD disabled

Problem is many sites are not blocked without TLD

@gertjan said in py_error.log errors: maxmindb and _sqlite3 modules not found:

But sometimes I (re) discover that the GUI does have it's advantages.

I agree with this, pfS GUI is sophisticated, but there are some things it can't even do... 😉

@steveits

I disabled many things of pfBlocker NG (which is the latest version)

I think my guess was right, the rules were not correctly (re-)loaded because of the IPv4 + IPv6 Alias which pfBlockerNG (DNSBL) automatically generates.

Editing these aliases is evil (and does not really work permanently) so I disabled the DNSBL feature and now everything (re-)loads fine....

Cheers

4920441

@marc05 yes indeed, if the rule exists it is checked against it, unless you match with a quick rule then it stops matching further at that point. Advantage of floating rules you can make them quick rules. If you want to reduce the checks you would want to prune rules or try consolidate them etc. or structure quick rules for known good traffic.

Anyone? No one? pfSense is allowing stuff to bypass the firewall if it's whitelisted in SquidGuard and no one is alarmed about that?

@ronpfs said in Resolver Live Sync:

@stewart Resolver Live Sync is using unbound-control(8) to modify unbound internal database instead or restarting unbound.

Glad to hear that. Is anything lost or does anything change that we would see? Or is it all back-end and everything presents the same to the users? I assume we check that box and all we see is that Unbound doesn't restart as often.

I have this issue also with pfblocker and the Amazon app (Android). I whitelist the domains that I saw in the report log but I still have the dog screen come up stating "UH-OH Something went wrong on our end." What's odd is that this only happens when searching and it only happens when searching certain terms. Has anyone found the exact domains to whitelist? (aan.amazon.com did not do it for me)

@jegr yes Ive had that checked. been running Pfblocker for the past 3 upgrades on the same pf instance.

i have the same error to after upgrading from 2.5.1 to to 2.5.2

@gertjan Thank You.

Works great!!

If you have nothing running on 80, it shouldn't be a problem - but that alias is every IP on your firewall. For such a rule it would be bad practice to use such an alias.

Would you mind PM the domain your using for acme - curious to see who the SOA is for this domain.

I have made the changes in this thread related to the 2.5.2 upgrade and pfBlockerNG. I think the issue is now fixed

https://forum.netgate.com/topic/165000/error-loading-firewall-rules

@talaverde said in py_error.log after 2.5.2 upgrade:

have to figure out which of many entries

I'll help you.
It's here :

@talaverde said in py_error.log after 2.5.2 upgrade:

2021-07-09 19:49:33,438|ERROR| [pfBlockerNG]: Failed to load: pfb_py_zone.txt: 'ascii' codec can't decode byte 0xe2 in position 1176: ordinal not in range(128)
2021-07-09 19:49:40,059|ERROR| [pfBlockerNG]: Failed to load: pfb_py_whitelist.txt: 'ascii' codec can't decode byte 0xe2 in position 3755: ordinal not in range(128

With an editor like Notepad++ you could fine it easily.

@steveits
Thank you. Indeed this works nicely.
Probably you overwrote that change with the upgrade to 3.0.0_16 ?

If this code change will be added in the next version, I suggest to also add a hint that an empty license key will deactivate all GeoIP auto updates...

Regards
Dennis