pfBlockerNG

• 

  pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!
  • BBcan177  

  74
  9
  Votes
  74
  Posts
  10071
  Views

  W

  @stephenw10 said in pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!: Enter the Key in the 'Maxmind License Key' field in pfBlocker. Now you can access the GeoIP tabs. Steve Thanks Steve.
• S

  Firewall Rules Order
  • Stewart  

  19
  0
  Votes
  19
  Posts
  5554
  Views

  

  @BBcan177: You can create a new alias in pfBlockerNG and add "0.0.0.0" which is equivalent to "any" IP, into the custom list… Then edit either the Advanced Inbound or Outbound Firewall rule settings to configure the balance of the rules options... You can then define this Alias Action setting to Permit or Block... You can drag the Aliases from the IP tab to re-order as you wish. Also as stated above, you can use "Alias Type" rules and create all the rules manually. I don't know but all those changes seem too much and too complicated. Here is my example, I want to keep untouched rules order to make all network clients to use pfSense router as DNS server like: pass - Allow DNS to pfSense only block - Block all DNS not to pfSense And every time pfBlockerNG updates, my "block" rule get pushed to the end of the list. It seems wrong to me regardless of workarounds.  As I described in this https://redmine.pfsense.org/issues/8279 Why won't we either 1 - in pfBlockerNG, Rule Order add option - "Do not change (preserve) existing order" or 2 - in Firewall Rules <if>add say a check box "Preserve existing order", which will not allow the order to be changed. ???</if>
• N

  Bypassing DNSBL for specific IPs
  • Ns8h  

  18
  2
  Votes
  18
  Posts
  10384
  Views

  R

  @mcury Right.. Its what i did above and what my current config is. What i mentioned is what i had before i made the changes which was the config below without all access control stuff. I think my problem might be because im running an active directory domain and all my computers are set to use a windows dns server which forwards to pfsense to do dns over tls so im thinking no matter what network i put in the access control view it will be blocked if i do dnsbl on that network since pretty much everything has its dns set to my windows dns server, except the guest lan. For example: My windows dns server is on 10.10.0.0/24 network my windows pcs are on 10.0.0.0/24 opendns computers are on 10.0.8.0/24 guest is on 192.168.10.0/24 my windows pcs have their dns server set to the dns server on the 10.10 network so i think if i dnsbl on the 10.0.0.0/24 network its not working because windows computers dns are pointed to the dns server on the 10.10.0.0/24 network which wouldnt be dnsbl. Also i think id have the same problem on my opendns network as well since its dns servers also point to my windows dns server so i can rdp into network pcs. If i am wrong in how this works please chime in. Sounds like i might need dns servers for each network? Ideally i just want to do dnsbl on my guest and opendns networks because i want guests to have adblock. I also want to connect to my openvpn server from my phone and browse the net on my phone with no ads and in addition have the ability to rdp into my pcs and servers but how can i achieve that when the opendns network dns points to the windows server network?
• 

  Support pfBlockerNG development!
  • ivor  

  5
  2
  Votes
  5
  Posts
  4517
  Views

  A

  I can not wait to see how he is going to do the mass import for IP4 and DNSBL, I hope its just a simple text doc you can just upload just like you would a backup file on Ublock extension. Looking forward to it. I may have to get some more Ram lol only got 8 gig and I bet doing mass list imports will hit the Ram hard. Great work hope it's coming along well ;) Great job.
• K

  Thanks BBCAN177 !
  • Koent  

  5
  1
  Votes
  5
  Posts
  3163
  Views

  S

  As pointed out to me in another post. https://forum.pfsense.org/index.php?topic=139634.0
• 

  PfBlockerNG v2.1 w/TLD
  • BBcan177  

  124
  0
  Votes
  124
  Posts
  57516
  Views

  E

  It would be really cool if it could automatically update the blocked TLDs based on the spamhaus statistics (https://www.spamhaus.org/statistics/tlds/) on a regular schedule. I realize that this may be more difficult than it sounds as I cant seem to find a spamhaus TLD feed, just a website. But if we dont dream then it will never happen!
• 

  PfBlockerNG v2.0 w/DNSBL
  • BBcan177  

  1070
  3
  Votes
  1070
  Posts
  527416
  Views

  M

  @anttechs said in PfBlockerNG v2.0 w/DNSBL: Many thanks ;) You're welcome I disabled TLD because I had .com and most of the others in there Yeap, that would be it! Cheers
• W

  PfBlockerNG
  • wbennett77  

  1194
  0
  Votes
  1194
  Posts
  437922
  Views

  E

  @RonpfS Thank you friend it worked.
• P

  Shallalist and UT1 lists not working on 2.4.5-RELEASE/pfBlockerNG-devel 2.2.5_29
  • provels  

  13
  0
  Votes
  13
  Posts
  187
  Views

  R

  @BBcan177 Yep I did, but then spent the day doing my taxes. Looking at it again now, yes it is working again! Thank you!
• F

  pfBlockerNG-devel install - PHP Startup Errors - failed to load readline.so
  • fabrizior  

  8
  0
  Votes
  8
  Posts
  46
  Views

  

  it does't surprise me, pfblockerng is outdated , pfblockerng-devel have more features
• F

  Upgrade from pfBlockerNG to -devel before 2.4.5 upgrade?
  • fabrizior  

  4
  0
  Votes
  4
  Posts
  88
  Views

  F

  @Gertjan @t41k2m3 Thank you for the details. I’ll make the jump to the -devel package first then. Are there any specific posts/blogs you would recommend to get up to speed on any critical changes or potential gotchas that might extend my maintenance window? My router is usually hovering around 3% CPU and 19% memory utilization with pfblocker, squid, squidguard, snort, and a few other pkgs running. these stats are with no inbound OpenVPN client tunnels active or outbound IPsec VPN to my Oracle Cloud IaaS tenancy up. Still, plenty of resource capacity.
• T

  Post-upgrade to 2.4.5 pfBlockerNG-devel causing memory and/or CPU spikes
  • t41k2m3  

  1
  0
  Votes
  1
  Posts
  40
  Views

  No one has replied

• A

  PFblockNG Devel not logging or blocking domains
  • antoni777  

  14
  0
  Votes
  14
  Posts
  185
  Views

  A

  I still get nothing, In the post above i always get the same error , "Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding" V/r Tony
• G

  pfBlockerNG 2.1.4_21 totally lag system after pfSense upgrade from 2.4.4 to 2.4.5
  • Gektor  

  2
  0
  Votes
  2
  Posts
  75
  Views

  J

  @Gektor said in pfBlockerNG 2.1.4_21 totally lag system after pfSense upgrade from 2.4.4 to 2.4.5: Source from: https://forum.netgate.com/topic/151690/increased-memory-and-cpu-spikes-causing-latency-outage-with-2-4-5 After upgrade system from 2.4.4 to 2.4.5 enabling pfBlockerNG case 100% CPU usage (by pfctl process), long boot, and pfSense works with spikes and hangs, LAN connection loses. I would recommend that you remove pfBlockerNG 2.1.4.21 and install pfBlockerNG-devel 2.2.5.29 which is the latest version of pfBlockerNG. I don't know why they don't remove the older version as it should not be used anymore. I believe there are known issues with it.
• M

  Advanced Inbound Firewall Rule Settings
  • maxyca  

  2
  0
  Votes
  2
  Posts
  54
  Views

  M

  Really nobody did it?
• J

  Feed not updating with cron but does by force
  • Jobee  

  7
  0
  Votes
  7
  Posts
  91
  Views

  S

  Hello! Are you using ram disks in System/Advanced/Miscellaneous? This sounds oddly similar to these : https://forum.netgate.com/topic/151591/sort-4-not-downloading-vrt-rules/ https://forum.netgate.com/topic/151634/php-errors/ John
• P

  GeoIP and Auto Rules
  • provels  

  1
  0
  Votes
  1
  Posts
  39
  Views

  No one has replied

• 1

  DNS custom IPv4 blocklist stored as base64?
  • 1OF1000Quadrillion  

  2
  0
  Votes
  2
  Posts
  37
  Views

  

  Uh...Base64 is not a number base. It is a method for encoding binary values as text strings. See Wikipedia here: https://en.wikipedia.org/wiki/Base64.
• P

  Trying to run pfBlockerNG-devel update automatically after reboot
  • provels  

  1
  0
  Votes
  1
  Posts
  28
  Views

  No one has replied

• L

  Migrating from Pi-hole to PFblockerNG
  • lordofpc734  

  2
  0
  Votes
  2
  Posts
  96
  Views

  

  you can add list from DNSBL / DNSBL groups and press ADD, insert that link save and enable it for the regex stuff i found this on redmine https://www.reddit.com/r/pfBlockerNG/comments/d01qod/can_pfblocker_block_urls_by_regex/ez56ta3/ This will be available in the next major release as it will utilize the Unbound python integration. it's 6 months old idk how are things going on about it update here https://www.reddit.com/r/PFSENSE/comments/fj1ks8/migrating_from_pihole_to_pfblockerng/ Will be in the next pfBlockerNG-devel release when pfSense 2.4.5 is released.
• T

  PfBlockerNG whitelisting blocked GeoIP
  • techman2005  

  8
  0
  Votes
  8
  Posts
  100
  Views

  

  @techman2005 I just looked up scan.nextcloud.com and it resolved to 95.217.53.149, so you may need to actually edit the file /var/log/pfblockerng/ip_blocklog and remove the IP. I don't understand why it didn't adjust the data when you added the domain, saved, and reload. You could scroll to the right of that log file to see the list it belong to and try adding the IP to the custom list I think...maybe @BBcan177 can step in.
• N

  Find IP Address being blocked in feeds
  • nuffsai21  

  2
  0
  Votes
  2
  Posts
  146
  Views

  N

  Spent more time reviewing the changes I made. If I am not mistaken the pfB_Top_v4 alias is made by enabling GeoIP blocking (any of the lists there). In my case I enabled Top Spammers list and with action 'deny outbound'. After disabling 'GeoIP Top Spammers' the ubuntu updates began working.
• W

  Advice - Allowing client to bypass pfblocker-ng
  • wesfox  

  12
  0
  Votes
  12
  Posts
  2009
  Views

  T

  Hello All. I would like to ask about the following. I have some IPs bundled in an ALIAS and these IPs should bypass pfBlockerNG. When I unselect these IPs by their dedicated VPN-Interface in "Select Outbound Firewall Interface", these IPs are still get filtered by pfBlocker. Is this the reason for for this because of checking the option for floating rules (Open VPN) in DNSBL firewall rules? Nevertheless, I found wesfox's link for bypassing single IPs. Would this be the right way to bypass pfBlockerNG for some LAN IPs? Thx for your support in advance.
• W

  TLD white list not working
  • wolfsden3  

  21
  0
  Votes
  21
  Posts
  107
  Views

  

  @A-Former-User said in TLD white list not working: @wolfsden3 said in TLD white list not working: Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not. Minimizing DNS queries is my next project although the FW is doing it's job and fairly well I think. I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be. Thanks again. last thing i promise. below i have screenshot and posted my firewall rules: Floating: WAN: LAN: GUESTVLAN: blacked out information is just rules for my openvpn I just got to say I like your firewall arrangement...bravo!
• S

  All alerts showing as unk country code.. help
  • sesipod  

  22
  0
  Votes
  22
  Posts
  137
  Views

  S

  Hello! Just more guessing...I am not sure I am looking at the correct code... The download from maxmind is 'application/gzip' The code doesnt look like it will decompress this type, and will only rename the downloaded file. Maybe if ($file_type == 'application/x-gzip' || $file_type == 'application/gzip' ) ? John
• E

  High number of unbound resolver queries since last clearing
  • eindhovenfinest  

  1
  0
  Votes
  1
  Posts
  48
  Views

  No one has replied

• 

  pfBlockerNG-devel 2.2.5_29 - Cron job drops internet every 30 minutes.
  • Herman  

  10
  0
  Votes
  10
  Posts
  193
  Views

  

  Managed to choke pfSense with 4GB ram and pfBlockerNG to not answer to icmp echo anymore. So my theory stands: Add more memory.
• T

  pfBlocker causing dropped states on synced routers
  • timboau 0  

  1
  0
  Votes
  1
  Posts
  38
  Views

  No one has replied

• R

  DNS Resolver crashing on start
  • robnyr2317  

  3
  0
  Votes
  3
  Posts
  69
  Views

  R

  I’ll try less feeds. It’s a sg-1100 appliance so I can’t add memory
• 

  pfBlockerNG and Suricata (IPS) interaction
  • newyork10023  

  8
  0
  Votes
  8
  Posts
  700
  Views

  

  @timboau-0 said in pfBlockerNG and Suricata (IPS) interaction: OK, I'm thinking that makes sense - so unless there was an attack against the actual firewall - any traffic that did make it through malicious or not would be 'seen' traversing through to the LAN. Yes, this is correct. The LAN is the best place to put an IDS/IPS 99% of the time. A major reason is so, when using NAT, the IP addresses you see in alerts will be the actual LAN host addresses instead of the NAT IP. When you put the IDS/IPS on the WAN, all internal host traffic shows up under the WAN public IP due to NAT. So finding what internal host generated an alert is very difficult.
• T

  Blocking Youtube Ads
  • thezfunk  

  29
  0
  Votes
  29
  Posts
  22196
  Views

  T

  I have managed a respectable level of YouTube cleanliness but it has taken a multi-pronged approach. DNS blocking helps with either a Pihole or pfBlockerNG but you will need browser/app level blocking as well. On a PC that isn't very hard and there are some well known and effective addons that I use in Firefox and have no issues. The problems were with all my Android devices whether that be phone, tablet or streaming boxes of various manufacturers. Even though I was forcing DNS as best I could through my pfSense, I was still getting regular ads. Better than nothing, but still highly annoying. The Youtube applications will circumvent any rerouting or DNS blocking you use. Encrypted DNS is good to hide our DNS requests from our ISP but it also allows Youtube to get around our filter/block. The only way to try and prevent this, from what I was reading, was to root all my devices. That is not something I want to have to learn and especially, mange for each device. Luckily, I finally found a new solution. Replace the stock apps. On my phone, I use YouTube Vanced. It is a 3rd party Youtube app that seems to work exactly like the stock app and I never get anymore ads. I love it. On my streaming boxes, I use Smart Youtube TV. Gloriousness has ensued. The only issue I have had is that Youtube Vanced crashes on my old Nvidia Shield tablet. Probably because it is running an out dated version of Android. One final note. With pfBlockerNG (and DNS redirect) I had an issue logging into Netflix. It would give an error but their network tests would all pass. I read somewhere online that Netflix absolutely has to touch 8.8.8.8, no exceptions. I thought that was weird because Netflix was working on some boxes already but not the new one I installed. I block and redirect all DNS traffic to my pfSense for everything. I ran an experiment where I disabled pfBlockerNG on initial sign in with Netflix and then reenabled it after I was signed in. Fixed the issue. Once I was logged in to Netflix it doesn't seem to need to touch 8.8.8.8 again. So, when installing Netflix app, give it access to 8.8.8.8 that one time and then you can block it after that. I have spent a ton of time working through all this and now my life is 100% better. I watched some Youtube in a hotel room on their smart TV and I don't know how anyone manages to watch anything with all the ads I saw. I got frustrated and turned it off. TV commercials are less annoying.
• 

  Comprehensive YouTube/Google Ad Block List
  • kklouzal  

  10
  1
  Votes
  10
  Posts
  12961
  Views

  D

  I stopped using chrome and switched to the Brave browser (Download from the official site- https://brave.com/wso960). I forgot about advertising on YouTube. Brave was created by Brendan Eich, one of the founders of the JavaScript programming language, using the Blink engine (developed by Google). All popular browsers are created on this engine - Opera, FireFox and Chrome itself.
• S

  Unable to edit GeoIP Links
  • Stewart  

  23
  0
  Votes
  23
  Posts
  119
  Views

  J

  @Stewart said in Unable to edit GeoIP Links: Maybe not. I was just checking the lists to edit but if I run an update I get: MaxMind Database downloading and processing ( approx 4MB ) ... Please wait ... Download Process Starting [ 02/25/20 14:34:14 ] /usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized Failed to Download GeoLite2-Country.mmdb /usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 200 OK Download Process Ended [ 02/25/20 14:34:16 ] Is that right? It lets me edit the lists now but I'm only authorized for 1 of the 2? When you view the pfBlockerNG box in the pfsense Dashboard, does it show that MaxMind has updated? If not, you may not have any list downloaded. If it doesn't show that MaxMind has updated, issue the following command from Diagnostics, Command Prompt without the quotes: "php /usr/local/www/pfblockerng/pfblockerng.php DC". This should force an update MaxMind since it is only set to update once a month by the default cron.
• V

  pfBlockerNG-devel not showing blocked DNS requests
  • vjizzle  

  9
  0
  Votes
  9
  Posts
  343
  Views

  V

  @vjizzle said in pfBlockerNG-devel not showing blocked DNS requests: Ok clear BBcan177. Do you have a timeline for when that version and the unbound option is going to be released? If you need help in testing, I’m here. Nevermind, I can see that there is no release date yet. Thanks BBcan. This topic can be closed I suppose.
• S

  2 Questions: Whitelist and UT1
  • Stewart  

  9
  0
  Votes
  9
  Posts
  121
  Views

  

  @RonpfS said in 2 Questions: Whitelist and UT1: @NollipfSense Your Whitlelist should have only domain names, no URLs or http:// That's what I have...see second post...WAIT, I see the mistake...thanks!
• D

  can pfblocker-ng alerts page be adjustable
  • detox  

  9
  0
  Votes
  9
  Posts
  123
  Views

  

  @BBcan177 Ah...that makes sense...I'll patiently wait for the updated d3pie.
• J

  Leverage NextDNS BlockList Metadata
  • jeffvogelsang  

  2
  0
  Votes
  2
  Posts
  128
  Views

  

  @jeffvogelsang The pfBlockerNG-devel package has an existing Feeds tab. It would probably be more efficient to request changes to the feeds or submit a PR against the database here: https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_feeds.json Keep in mind that I typically do not add feeds that are compilations of other Original Feeds. Best to go directly to the source. There are changes to be made to the json already as some feeds are now discontinued. That will happen in the next release.
• O

  This topic is deleted!
  • Oudel  

  1
  0
  Votes
  1
  Posts
  7
  Views

  No one has replied

• G

  geoip floating rules not being generated?
  • gregfitz  

  2
  0
  Votes
  2
  Posts
  46
  Views

  

  From your FW rule, it looks like there is no Firewall 'Auto' Rule Suffix' in the description. Your Firewall 'Auto' Rule Suffix is set to "AR" and that doesn't show in the Description of the FW Rule. I guess you changed that setting it at some point. Did you disable pfblockerNG when you changed the settings ? Select 'Auto Rule' description suffix for auto defined rules. pfBlockerNG must be disabled to modify suffix.
• N

  TLD shutting down on pfBlockerNG-dev?
  • nopro  

  3
  0
  Votes
  3
  Posts
  100
  Views

  N

  @NollipfSense Thanks for the suggestion of increasing states/table entries. I will give it a try. Although, as described in my initial post, my system seems to use a disproportionately low amount of memory about two hours after reload, it seems to apply TLD filtering adequately, as far as I can discern from looking at my Reports/Alerts/DNSBL log... Still puzzled... EDIT: Of course, I might not know about packets escaping filtering and thus logging, yet the log appears to be populated in a plausible manner.