• Tracing Blocks/Understanding Logs

    1
    0 Votes
    1 Posts
    276 Views
    No one has replied
  • pfBlockerNG widget: pfB_DNSBLIP No rules are defined using this alias

    2
    0 Votes
    2 Posts
    173 Views
    No one has replied
  • How to block any web site with pfBlockerNG?

    5
    0 Votes
    5 Posts
    392 Views
    A

    I've found a solution: I made a repository on GitHub and uploaded a txt with the IPs from the WhatsApp servers that I found in the Facebook developer documentation, and made a new IP rule with that link!!

  • How important is WAN protection in this case?

    22
    0 Votes
    22 Posts
    3k Views
    C

    By all means keep the custom OpenVPN port; I find that practice reasonable. Bots and whatnot scanning services cause spam. The problem, though, is that if you get used to seeing that spam, then the one day you have a legit attempt at your security you're likely to ignore it, as you're just used to seeing daily spam. Which is why I use custom ports for non-public services a lot of the time.

    On the question of things like Snort, I wouldn't bother in a situation where the one and only listening service is a private VPN server.

  • Interface goes n/a after forcing an update using pfBlockerNG

    3
    0 Votes
    3 Posts
    402 Views
    B

    Hello,

    I just switched the pfblocker from standard to devel and the problem went away.
    Sadly I didn't have time to check the logs :(

  • IPv4 Block list not working as anticipated

    3
    0 Votes
    3 Posts
    439 Views
    F

    That sorted it, thanks - now why did I not think of that!

    Cheers

  • pfblocker, pass incoming if from country.

    4
    0 Votes
    4 Posts
    396 Views
    BBcan177

    See the following thread:
    https://forum.netgate.com/topic/125250/firewall-rules-order

  • Unable to locate which list is blocking address

    3
    0 Votes
    3 Posts
    501 Views
    BBcan177

    @cjbujold
    Anything that is blocked is visible in the Reports/Alerts Tab. You can use the "Alerts Filter" to refine the search.

    drill @8.8.8.8 intuit.com

    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 35702
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; intuit.com. IN A

    ;; ANSWER SECTION:
    intuit.com. 1 IN A 199.16.139.15
    intuit.com. 1 IN A 12.179.134.145

    ;; AUTHORITY SECTION:

    ;; ADDITIONAL SECTION:

    ;; Query time: 39 msec
    ;; SERVER: 8.8.8.8
    ;; WHEN: Mon Jul 22 00:46:29 2019
    ;; MSG SIZE rcvd: 60

  • PFBlockerNG DNSBL Default Ports

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177

    @romulusrodent

    Yes use any other available port... So don't reuse the same port that pfSense HTTPS is utilizing.

  • YouTube ads coming thru on AppleTV for some time now.

    3
    0 Votes
    3 Posts
    2k Views
    O

    @RonpfS said in YouTube ads coming thru on AppleTV for some time now.:

    @lmannyr said in YouTube ads coming thru on AppleTV for some time now.:

    How do I add the ip to "manifest.googlevideo.com" to pfblocker? Also how did you apply it. I already have dnsbl running.

    DNSBL doesn't operate in the IP space, it operates in the Domain Name space.

    You can add the domain name to a DNSBL Custom_List in any DNSBL Group.

    You could also create a new DNSBL group and put it in the group DNSBL Custom_List. You need to do a Force Reload DNSBL after.

    Hey, so I know this is really old, but did this work for you on pfSense? How did you apply it? I already have DNSBL running. Were there any drawbacks to blocking it?

  • pfBlocker inconsistent on LAN port

    16
    0 Votes
    16 Posts
    1k Views
    johnpoz

    Not trolling - have no idea version user is using. And I was gone for the whole month of June.. And just back last week or so.. So have not really kept up with "everything" while gone.

    Glad to see such a fix finally.. Thanks!

  • PFB Not Block IP Feeds

    2
    0 Votes
    2 Posts
    232 Views
    V

    So, Not really sure why this happened as it seemed to be working fine.
    But, uninstalled then reinstalled pfB.
    Deleted all pfB rules on all interfaces that had not been working and set them up one by one.

    Now all seems to be working

    So a question..
    Is there any problem setting up a rule for pfB and then copying to another interface without causing a problem? (Even if copying from a WAN rule to a LAN interface)
    I don't think there has been a problem before doing this, but want to verify.
    This time around we changed the description on each rule to include the interface name and did not copy rules.

    Not sure if this "was" really the fix.

  • Suddenly Not Working

    2
    0 Votes
    2 Posts
    233 Views
    G

    doh...forgot I manually entered DNS on my computer to use a smart DNS....all works fine.

  • PFBlocker stop working properly after some time

    2
    0 Votes
    2 Posts
    231 Views
    BBcan177

    If you are not using pfBlockerNG-devel, please switch to that version.

  • Allow specific website to single IP??

    6
    0 Votes
    6 Posts
    898 Views
    S

    @JeGr Thank you for your time and response. What if I use any one of them, then will it be possible to achieve the task I'm looking for? To allow a single website to a single user, and the rest of the sites should be blocked for him as per policy. If yes, then please share the guidelines or steps with me.

    Regards

  • Alias Details Popup Window does not show IP address

    5
    0 Votes
    5 Posts
    661 Views
    K

    @RonpfS

    Found the issue. The IP address was already listed at https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt

  • Zeus Trackers

    1
    0 Votes
    1 Posts
    329 Views
    No one has replied
  • [Solved]:blocking a mobile app sonylive

    4
    0 Votes
    4 Posts
    486 Views
    S

    @BBcan177 Thank you issue has been solved.

  • Pfblocker ports

    8
    0 Votes
    8 Posts
    905 Views
    M

    @BBcan177 said in Pfblocker ports:

    @mikekoke said in Pfblocker ports:

    @BBcan177 said in Pfblocker ports:

    In the DNSBL tab. there is an option to create a Permit rule to allow VLANs to hit the DNSBL VIP on the open ports.

    I have already used that setting to select the two VLANs, but randomly the udp 443 and the tcp 4070 are also requested

    Not by DNSBL. Maybe the device that has domains being blocked tries to hit those ports?

    https://www.speedguide.net/port.php?port=4070

    The device that continues to connect to udp port 443 is a Sony Android smartphone but it is not possible to specify which one.
    It appears that the connection to port 443 udp is linked to a warning in DNSBL.

  • IPv6: doing something wrong OR bug?

    8
    0 Votes
    8 Posts
    1k Views
    jpgpi250

    @JeGr I shouted 'victory' too soon, or I'm missing something.

    I assumed I would simply select no interfaces in 'General Settings' / 'Interface/Rules configuration', but it appears you have to select at least one interface. What am I missing?

    Thanks a lot for your help.

    edit
    never mind / found it: List action: Alias Native, Looks like the rule isn't created with this option, only the alias
    /edit

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.