@bbcan177 said in pfBlockerNG v3.0.0_6 update:

Add preliminary DNSBL Group Policy configuration that will globally bypass DNSBL for the defined LAN IPs

Thank god for this new functionality, thank god! (well, thank bbcan177!!!)
Sure looking forward to the CIDR notation

It appears to be working now that the cache is cleared, thanks.

@bbcan177 work perfect

Thank you @BBcan177 for confirming your (eventual) plan and @Gertjan for the graphic picture. :-)

@griffo @ronpfs in my case things have gotten more interesting. I can see a restart before each outage. So this suggests

an unplanned reboot happening about once a week pfblockerng or unbound does not start up correctly upon restart

#2 is fixed by re-starting pfblockerng but #1 will need more digging. It's easy to see if this is happening by checking NTP logs (search for "Starting") or system logs.

The reboot is interesting. In all three cases LAN was fine, WAN was knocked out by the restart, CPU temps are very good, and in at least two of the cases I was making network adjustments through the unifi UI for my access points at the time that things went down. Possibly coincidence.

@amrogers3 The easy way to learn how to do thing is to use the Alerts tab '+' icon, it will offer choices for whitelisting according to the blocked type (DNSBL, TLD, Regex, etc). You can then review the DNSBL Whitelist to see what pfBlockerNG did.

If you find blocked IPs in the Alerts tab, then you can whitelist or suppress them with the '+' icon.

@bbcan177
Thanks! Everything is working.

Using a large alias on many NAT or firewall rules can slow down the web GUI as it downloads the alias hint/tooltip multiple times. In one case for similar connections to multiple servers, we changed the NAT rules to allow any source IP, turned off the linked firewall rule, and created one firewall rule to allow "from the alias" to all of the servers on that same port, so there is only one rule using the alias instead of many.

@miiwaukee

Figured it out. Had an incorrect Outbound NAT Entry that was set to IPv6 instead of IPv4. Issue resolved!

@provels said in MS activated DoH at the operating system level, in this "great" 20H2 release...?!:

What would happen to those of us using the resolver and talking to the roots?

Hello everyone...

Okay (hmmm, how should I start, OK I already know), I’ll post a new and great evidence on this theme (Win10 _20H2 vs. DoH) in 2021, so I am not doing it now, ...because I want to (sorry,....I would like to)..... and I would like to wish a beautiful Christmas and a pleasant New Year holiday to everyone, but then comes the dread in 2021....HOHOHO..HAHAHA, like bird flu H1N1 - Winflu 20H2 - HIHIHI

-it wasn't a good joke, though it looks a bit similar.....✋ (so, "give me five")
(I am using roaring emoticons 😉 , not like others :)

of course only for those who like to control their own DNS stuff -

I look forward to seeing everyone, if you are interested in the future... and theDNS theme

BTW (preliminary):
the encouraging test environments: (4 colleagues, 4 separate locations (in EU), 4 external pfSense installations - same Win image - 20H2)

2020-12-22_17h03_37.jpg

+++edit:
MY new year "vow" WILL BE that I wont be createing less colorful posts and 😂

+++edit2:
anyway, I use windows everyday (to my stuff)
well, that's a joke (so I got upset)

@sebm said in pfBlockerNG-devel v3.0.0_7:

While in Firefox, the first file I select never gets loaded,

Using Firefox 84.0 - no adds, when I visit :

1d1ebd34-dbd6-4ec3-af08-bb59b1496741-image.png

Now, I'm invited to make my selection, using the second "Log/file selection" pull-down list
When done, the file is shown right away.
Looks fine to me now.

@bbcan177

Yeah I saw that, but nothing clear about the free version. Maybe we just have to wait.
Anyway thank you @BBcan177

@bbcan177 said in Some download FAIL alerts:

Yes that is what I said in that reddit post.

Yup, I understood. I said that too above. (free for private use)
Yes, it works with a minor bug, the download sometimes doesn't start, but if I know well they are working on it.

@bbcan177 oops.. I cleared it and it’s all good. Thanks. 👍👍

Thank you both for the sugestion. Already implemented it and it's working great!

@bbcan177 That's what I was afraid of. Guess I'm asking Santa for a computer so I can get the most out of this.

@rloeb said in pfBlocklerNG v3.0.0_6-devel blocking all outbound traffic?:

Thank you.

Do not mention it 😉

@thewismit said in Whitelisting guidance:

I need to curate the feeds?

definitely 😉

the pfBlockerNG installation (app) includes predefined lists, but this is everyone's individual taste and goal oriented...

Like:

ee9d8d53-fdc6-45b8-849c-154b6e9b6257-image.png

+++edit:

of course you can use multiple lists, but like I said, define your goal (in addition to what is specified in the DEV or not pre-installed)

always be careful with these, as it can be annoying to install a senseless lists

+++edit2:

one more thought, if you have to do too many things on a whitelist, think about whether you choose a good BLK list(s)? 😉