• 0 Votes
    5 Posts
    692 Views
    S

    @RonpfS said in Embedded youtube clips won't work. Firefox detected a potential security threat and did not continue to www.youtube-nocookie.com:

    Remove your Whitelisting of the domain, Force Reload All, then whitelist it using the Alert Tabs to see what pfblockerNG will whitelist. www.youtube-nocookie.com is a CNAME : youtube-ui.l.google.com that needs to be whitelisted as well.

    Thank you now it works! It added the following to the whitelist:

    .www.youtube-nocookie.com
    .youtube-ui.l.google.com # CNAME for (www.youtube-nocookie.com)
  • Get IP range by AS number

    3
    1 Votes
    3 Posts
    315 Views
    BBcan177B

    pfBlockerNG-devel already has ASN support in the IP State setting. Also Radb registry isn't very accurate. The package is using bgpview.io instead.

    https://api.bgpview.io/ip/<IP>
  • pfBlockerNG certificate error

    5
    0 Votes
    5 Posts
    1k Views
    cybrnookC

    Your local device could have had the entry cached. Normally I will also disconnect my device from the network, and back on to force the device to flush local cache. Sometimes a /flushdns on Windows helps too.

  • Access to my VPN and Plex Server while abroad

    2
    0 Votes
    2 Posts
    400 Views
    NollipfSenseN

    @NasKar said in Access to my VPN and Plex Server while abroad:

    I would like to access my VPN to make changes to my firewall just in case and my Plex Server.

    Trust me, it's not a good idea to change your firewall through VPN. Make the changes before you go.

  • curl error 7 on all downloads

    9
    0 Votes
    9 Posts
    1k Views
    GertjanG

    @Koent said in curl error 7 on all downloads:

    analyse the FW daily

    Me neither.
    But I do check 'basic' operations when changing 'major' things like interfaces that deal with outgoing traffic.
    In this case : because the NIC called WAN (actually : PPPoE) now faces the Internet directly. Before, pfSense was probably hidden behind another router (no standard, but normal for a DHCP client mode). Now, it's time to recheck and double check your WAN rules : typically none should be there except NAT rules.

  • pfBlockerNG PHP Error Caused pfSense to Crash

    1
    0 Votes
    1 Posts
    113 Views
    No one has replied
  • Force Reload pfblockerNG at cold boot / reboot?

    2
    0 Votes
    2 Posts
    218 Views
    provelsP

    I tried to add

    /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php update >> /var/log/pfblockerng/pfblockerng.log

    as a shellcmd, but it still ran too early. I don't know how to make it sleep for a couple minutes.

  • Torrent trackers, Shodan, AWS and other feeds

    3
    2 Votes
    3 Posts
    805 Views
    NollipfSenseN

    Thank you both for sharing...I learned about Shodan for the first time.

  • 0 Votes
    30 Posts
    10k Views
    johnpozJ

    So their servers or cluster at each pop can handle 65k users - yeah find that unlikely ;) This is just a perfect example of how misuse of ipv4 space ran us into a shortage of ipv4 way before it should have ever happened..

    Network space should be assigned appropriately for the amount of devices that will be using that space.. Even when inside rfc1918 space (which has limits as well) Sure you allow for growth and such.. But come on their 8 core 10ge box could handle anywhere close to even 8k users? That would leave you at most 1.25mbps each user ;) Let alone 64k users ;)

  • Feeds for some Cloud Service providers

    3
    0 Votes
    3 Posts
    360 Views
    viktor_gV

    @provels They can be used as whitelists instead

  • PFBlockerNG changing the order of my own Floating Rules

    10
    0 Votes
    10 Posts
    3k Views
    BBcan177B

    Those are the default settings now... If none of those Auto rule settings work for your needs, you can always use "Alias Type" Action settings and manually create the firewall rules to suit. Click on the blue infoblock icon for the Action setting for more details.

  • Public DNS, DNSCrypt and VPNs feeds

    2
    0 Votes
    2 Posts
    377 Views
    JeGrJ

    Perhaps @BBcan177 can add them to the feed list in one of the next sub-versions?

  • Active Directory Server & pfblockerNG Suggestion Required

    3
    0 Votes
    3 Posts
    504 Views
    johnpozJ

    Yeah if you're an MS shop using AD, it's prob best to let MS be your dhcp and dns... Then just have your AD dns use pfsense/pfblocker for your dns to external domains.

    You can put in a domain override in pfsense so it can resolve your PTRs for networks and the like.

  • Suggestion - Disable default DoH in Firefox

    2
    1 Votes
    2 Posts
    309 Views
    GertjanG

    Hi,

    He (@BBcan177 ) already spoke about it here (the DNS forum).

  • traffic getting through pfblocker

    Moved
    3
    0 Votes
    3 Posts
    297 Views
    M

    Thanks for the reply. I found a way to get it to work...

    At the bottom of the Custom Address List, there is a drop-down menu with the option "Update Custom List" -- selecting that item and then forcing an update fixed the issue and the address was correctly blocked.

    What's odd is that I've never had to select that before. I've always just added the address, forced an update and literally watched as no more targeted traffic made it through the firewall.

    I'm not sure what changed, but at least I was able to get it working.

    Thanks again!
    -Michael

  • PHP Error showing up on backup firewall (CARP)

    1
    1 Votes
    1 Posts
    113 Views
    No one has replied
  • What does "SFS_Toxic_BD" mean? – Is Zoho bad?

    12
    0 Votes
    12 Posts
    2k Views
    NogBadTheBadN

    @skilledinept said in What does "SFS_Toxic_BD" mean? – Is Zoho bad?:

    Just to be clear, I'm not blaming anyone or anything, it's only curiosity and, I did install the developer version. The whole UI change threw me for a loop so I followed the little walkthrough just enough to get filtered DNS and left the rest for later.

    Those in the know install the developer version ☺

  • pfBlockerNG Throwing Multiple Errors

    2
    0 Votes
    2 Posts
    365 Views
    BBcan177B

    https://www.reddit.com/r/pfBlockerNG/comments/chsajn/cant_get_geoip_to_block_foreign_countries/

  • Some popular lists not loading

    7
    0 Votes
    7 Posts
    1k Views
    BBcan177B

    @Koent
    When you run a "Reload" it uses the previously downloaded feed if it was previously downloaded.
    Go to the Log Tab, view the file in the "dnsbl" folder, and delete it, then run a Force Reload/Update

  • Bypassing pfblocker for a specific static ip?

    3
    0 Votes
    3 Posts
    1k Views
    T

    If you are using static mappings in the DHCP, I believe that one alternative to modifying unbound's custom options would be to specify DNS servers in the DHCP static mapping(s) of the host(s) that you wish to exclude from DNSBL. Of course, this is only if you're willing to use other DNS servers. For example:
    [image]
    That way, the host(s) won't use the pfSense machine for DNS at all. Note that you would need to take additional steps for this to work if you have also configured a NAT port forward to redirect any DNS requests from hosts on your LAN to unbound.

    Also, keep in mind DNSBL IPs (if enabled), which are handled via firewall rules instead of unbound:
    [image]

    If you want certain static IPs to also be excluded from this, you can set the list action to Alias Deny, as in my screen shot, and then create your own block rules that do not apply to the static IP(s) in question. Or you could leave the List Action set to one of the "Deny" options that automatically creates rules, but configure advanced rules that exclude your static IP(s):
    [image]

    @BBcan177, if any of this is terrible or misguided advice, please feel free to set me straight 😉

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.