I can not wait to see how he is going to do the mass import for IP4 and DNSBL, I hope its just a simple text doc you can just upload just like you would a backup file on Ublock extension.
Looking forward to it.
I may have to get some more Ram lol only got 8 gig and I bet doing mass list imports will hit the Ram hard.
Great work hope it's coming along well ;)
Great job.
I'm having problems with iOS 11.3 BETA. It seems that safari can't go to 0.0.0.0 and pages can't load. Solution was to reinstall package and use the VIP address, as I was using the certificate hack and 0.0.0.0.
@BrettC:
Hi, one thing i am noticing with pfBlockerNG is that it may be missing an end-double quote on its shell commands?
No the quote is used in the grep command to find an exact match starting with the first quotation mark in the line… The 502 error is being worked on... The upcoming release doesn't seem to be affected by this and will hopefully be released shortly... Stay tuned!
@dgall said in PFBLOCKER DNSBL Shallalist not working when I click on google links:
Better solution yet trash shallalist use a list like this one https://github.com/StevenBlack/hosts it works just as good without enabling TLD and uses nowhere near the ram
Shallalist is a large database... YMMV on its use compared to other feeds. You need to do some research/testing to see what works best for your needs. I typically do not recommend using a "middleman" compilation of Feeds as "StevenBlack" does. You would be better off adding the feeds that are represented in that compilation directly. In pfBlockerNG-devel, there is a Feeds tab that had quite a few feeds to choose from and also research their support pages.
I'd also recommend to enable TLD, it does use more ram, but it will block subdomains for malicious sites, which will not be blocked when that feature if disabled. But up to you...
@jwj said in Not understanding this ip block (https://ipinfo.io/AS32934):
So, it looks like ipv6 "tab" lists get incorrectly setup as ipv4 rules. And it looks like this has been fixed in the devel version.
Yes this is fixed in pfBlockerNG-devel
So it looks like the openvpn range had the range it was last configured for, but not some of the others that had failed.
[2.4.3-RELEASE][root@pfsense.home]/root: ifconfig | grep inet
inet6 fe80::224:b2ff:fedf:a196%bge0 prefixlen 64 scopeid 0x1
inet 73.82.108.146 netmask 0xfffffe00 broadcast 255.255.255.255
inet6 fe80::2e0:66ff:fe6a:c58f%bge1 prefixlen 64 scopeid 0x2
inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255
inet 10.254.254.254 netmask 0xffffffff broadcast 10.254.254.254
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::2e0:66ff:fe6a:c58f%bge1.2 prefixlen 64 scopeid 0x7
inet 10.1.0.1 netmask 0xffffff00 broadcast 10.1.0.255
inet6 fe80::2e0:66ff:fe6a:c58f%bge1.5 prefixlen 64 scopeid 0x8
inet 10.2.0.1 netmask 0xffffff00 broadcast 10.2.0.255
inet6 fe80::224:b2ff:fedf:a196%ovpns1 prefixlen 64 scopeid 0x9
inet 10.2.10.1 --> 10.2.10.2 netmask 0xffffffff
inet6 fe80::224:b2ff:fedf:a196%ovpns2 prefixlen 64 scopeid 0xa
inet 10.1.10.1 --> 10.1.10.2 netmask 0xffffffff
I think that my choice works out fine though, 10.254.254.254 is way out of the way.
@ronpfs said in DisconnectAds, DisconnectTracking and DNSBL_Malicious - D_Me_Malw:
host -t A s3.amazonaws.com
Thanks Ronpfs it did the trick
host -t A s3.amazonaws.com
s3.amazonaws.com is an alias for s3-1.amazonaws.com.
s3-1.amazonaws.com has address 54.231.33.202
Did not new the command dig (domain information groper) thanks
@heman said in DNSBL Certificate errors:
I was wondering if the 0.0.0.0 option you mentioned has made it / will make it into one of the upcoming releases?
Yes this is in the pfBlockerNG-devel version already...
@grimson said in pfblocker_devel:
You do know/understand that installed packages no longer show as an available package, as they are installed already?
lol yes, I was just wondering if the new version had the same stuff as the devel version.
It sort popped up out of the blue in the package list while I already had pfblocker installed so / I went and installed the pfblocker_devel version.
Maybe I was the only one who saw it.
The pfblocker_devel version I'm using now is excellent with all new feeds.
Now when I look at the package list I see the new version of pfblocker.
I'm thinking its time to fully uninstall the pfblocker_devel and go back to the pfblocker on the package list now lol
Looks like I'm the only one with the pfblocker_devel lol
Good to see Mr BBcan177 is back welcome home mate :)
cheers guys
With a little more troubleshooting I found the issue. I neglected adding in a firewall rule to allow the client access to the DNSBL VIP over ports 443 and 80.
Thanks for pointing that one out to me. I missed it, because I read this one, https://www.reddit.com/r/PFSENSE/comments/8lnugz/pfblockerng_devel_version_released/ ,which suggests it was only downloadable from the unstable branch, as I did not expect a development release in the stable branch...
@bbcan177
2.4.4-DEVELOPMENT (amd64)
built on Fri Jul 27 07:50:35 EDT 2018
FreeBSD 11.2-RELEAS
Intel(R) Celeron(R) CPU 3215U @ 1.70GHz
2 CPUs: 1 package(s) x 2 core(s)
AES-NI CPU Crypto: No
I started having the PHP error issue when up upgraded to DEV - some weeks back. At the same time I redid the way I had PFBLOCKERNG set up (also upgraded that to pfBlockerNG-devel). So far with the "delete" set I've been stable since July 26th...
@bbcan177 said in Update lists fail:
@qinn said in Update lists fail:
btw From what I've read, when I want to move over to the latest dev of pfblockerNG I have to first deinstall pfblockerNG and then install the dev version and all settings will be restored, is this the right way to move over to the dev version?
Yes I would just go to devel and see if that fixes your issue.... There are a ton of new features in devel....
https://www.reddit.com/r/PFSENSE/comments/8lnugz/pfblockerng_devel_version_released/
Also install the "Cron" package for pfSense and you can see the pfSense Cron tasks from there.
Thanks for your advise hoping for a release soon, I don't care about an ETA, take your time and keep up the good work.
@Steve_B Sorry to keep bothering you but I'm learning as I go. For the PFSense box that I built, I used a Gigabyte B360N with a built in Intel CNVi 2x2 802.11 wifi. How ever I can not see it while in PFSense .... is there a driver I need to install? if so could you be so kind as to point me in that direction.
@ronpfs Thank you. Sorry I didnt get that quickly.
Removed PFBlockerNG and installed devel version, i can now see the blocked webpage option.
again, thank you.
You normally would not put any sort of rule on "outbound" wan..
Rules are evaluated as traffic enters an interface towards pfsense from the network that interface is connected too.
If you want to block something on your lan or opt or any other "lan" side network then you would place the block on the that interface.
@dabone said in PFblockerng 2.2.1 with tdl, adding a schedule?:
is there an easy way to schedule the block?
There is no provision for scheduling in pfblockerNG.
