@jacol Thanks, I got it working. Turns out that my config was right but I noticed from PFSense syslog that I get login 401 to my ELK server. Changed the user and now it works!

@NogBadTheBad $90 is a lot more expensive than most TLDs, so I don't understand why that would be a reason to block an entire TLD.

Ouch, glad I don't have any .tk domains then!

@RonpfS

That is understandable. Thanks for the answers. I'll try to find a way to use these logs in my need.

This DNS server will only be used when you use the Alerts Tab "+" icon to whitelist a Domain.

@NollipfSense I'll for sure try to import the DNSBL cert to my browser later in the day.
My dns over https is also disabled :)

Figured this out.
I replaced pfBlcokerNG with pfBlockerNG-Devel but the behavior remained the same. Creating a rule based on a GeoIP alias containing a country, opens ports 81 and 53 to the world (despite ports 81 and 53 are not included in the alias settings; only the required ports are included). To avoid this, in addition to (or instead of) having Custom DST Port in Firewall > pfBlockerNG > IP > GeoIP > Continent > Advanced Inbound Firewall Rule Settings, the ports are also required to be set in the Destination Port Range of the Rule, otherwise ports 81 and 53 (in addition to other opened ports) would be opened to the world. In my case I disabled the Custom DST Port and set the Destination Ports Range in the rule. I am not sure about the purpose of the "Custom DST Port" in GeoIP.

@BBcan177 Thanks for your help.

Sorry I have wasted your time.

lastly, pfBlockerNG is amazing. It just makes pfSense so much more powerful as a great firewall solution.

These settings are all and only stored in the main pfsense config xml file.
All other files on the disk should be removed. It's not a "setting", after all.

@gabric098 said in How to fully uninstall pfBlockerNG:

zero knowledge about pfblockerNG

Me neither.
That's why I read the installation manual(aka : the php and xml files that install pfblockerNG are in plain old school English ...).

@Gertjan i will keep watching
thanks again

@wormuths Up again.

@provels - Hi, I am running pfBlockerNG (v. 2.1.4_20).

I don't use DNSBL, just the IPs. I started readding the blocklist IPs (e.g., BinaryDefense, EmergingThreats, firehol Level 1 to 3) and they now work.

Hi guys,

I came back again and unbound is now working.

Thanks for all of your replies.

Ok Thanks for all the help John.

I was not aware of the role of the .orig files. I tried clearing both (AfunList.orig from /var/db/pfblockerng/dnsblorig and AfunList.txt in /var/db/pfblockerng/dnsbl) and then force updating DNSBL. Both the orig and txt files were regenerated from the list feed

As far as I can tell, the feed is correctly synced.

@RonpfS said in pfBlockerNG rule download failure log entry- false positive?:

Can you access the URL for AfunList in a browser?

Yes.

So I'm not sure why the log is reporting an error

@NollipfSense Good deal. Package probably didn't completely reinstall when you upgraded. If you install the daily snapshots now, it will go a lot faster as it just installs the update without package reinstalls (like 5 minutes total).

@Qinn Looks like it, at least for the present.

@Qinn
If you see the line about "MaxMind last updated..." Then there is no failed download errors. Otherwise, you have more than 4 failed downloads, and you need to scroll the widget window down to see the last event and there should be the trashcan icon. Going from memory on this one.