@llebgrate said in GEO-IP not logging:

Fixed. Thanks.

You Welcome 😉

Hello jdeloack
Thanks for the feedback.
the ambassador update is scheduled for next week.
I tried to replace the current package with the devel but for that I will need to update the version.

Immensely grateful for the help.

Soooooo...........

Somehow I deleted the WAN rule the is auto added at the time you do the NAT rule. This I do not remember doing at all but I am so dumb.

I really should have checked,. It came to mind when I was telling someone that "I can't figure out why the default rule is blocking it the only way that would happen is if I moved a rule to block or if I deleted it"

It clicked how stupid I am as I was saying it to the person.

PEBKAC

So I've tried to add custom lists to IPv4 but those only seem to resolve the top level.

I'm having a difficult time understanding how the technology can white list .avid.com which includes all the sub domains of avid.com, but it's impossible to block everything except what is white listed....

I mean this is a pretty typical need I imagine. A lot of people use whitelisting only for outbound traffic.

On sonicwall it's based in the Alias rules themselves. But on pfsense it seems like the developers of pfblockerNG have giving the ability to whitelist .avid.com but not the ability to block all other traffic...

I guess thats why i'm so confused. Because I can clearly see that i can use .avid.com on DNSBL to white list avid and all it's sub domains, but I cannot figure out how to deny all outboud traffic, except .avid.com

@nasheayahu said in Local port upon which DNSBL Webserver will listen for connections. The default port is 8443.:

My Unify uses port 8443, so my question is, if I keep this default

f6e7d7b3-d370-40a2-9a15-c48e98c2a6f9-image.png

You should read

This Port must not be in use by any other process on pfSense.

@nasheayahu said in Local port upon which DNSBL Webserver will listen for connections. The default port is 8443.:

2nd Part Question, even though its using 10.10.10.1 IP at 8443, this will not effect my Unity using 192.168.1.100 8443

Not at all.

@serbus
I removed RAM disk and it works correctly.
I also opened a bug report for this in the bug tracker.

Thank you very much for your time and your help, greatly appreciated.

Laurent.

Use "view":
https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips

2.1.4_22 ?

I would say everybody was using the latest version - pfBlockerNG-devel 2.2.5_34 - not the ancient one.
2.2.5_34 is rock solid according the author. There is no active development for 2.1.4_22 any more.

So .... upgrade ?

edit : oops - didn't saw the two messages after the initial one.
2.2.5_34 works for you ?

@coolcliff said in Blocling specific URls in a website, not the whole website:

Not the complete website play.google.com.

play.google.com is a FQDN, paly is the host name, google.com is the domain.

play.google.com is an URL that gets converted to an IPv4 and/or IPv6. This process is what DNS is all about. This IP is then used to by the web browser - the FQDN becomes irrelevant, and the "file path part and parameters" = store/apps/details?id=com.game168.gameofmafia is used to ask the needed info from the web server. This parts is of course hidden in a TLS session.
Which means that no one can see it.

PfBlockerNG works with the "DNS"part, and will never see the "store/apps/details?id=com.game168.gameofmafia".

To have access to the "store/apps/details?id=com.game168.gameofmafia" part, you need a http(s) proxy, like Squid.

@Raffi_ Good thought. It is an SG4860. All ports currently in use, but I can probably rejig things to try that. Just have to find the time.

@manjotsc

You Welcome 😉

It could be an error in the third party database being downloaded. Or, IPs "move" (https://azure.microsoft.com/en-us/blog/windows-azures-use-of-non-us-ipv4-address-space-in-us-regions/).

To allow an IP you need a firewall rule above it. What I often do is set up an Alias Native alias and then can use it in whatever NAT or firewall rule I want (which allows ordering). The files are downloaded and stored on disk by country code:
e21f386f-a1f0-41b8-832f-08634edf26db-image.png
Remember to run an Update in pfBlocker after creating the entry, to generate the alias.

As pfBlocker notes you can also default block all, and just allow the desired IPs or countries.