• pfBlockerng very slow at DNS

    9
    0 Votes
    9 Posts
    3k Views
    C

    Definitely inspect the content--you will probably find a URL which is not blocked being used there.

    Sometimes you may be getting ads from a subdomain, so you may need to check the "Enable TLD" to attempt to deal with these subdomains.
    Also, some sites host ads locally, but that is less common. A content inspection should tell you.

  • 159.89.13.0 is converted to 159.89.13.0/24 !?

    4
    0 Votes
    4 Posts
    503 Views
    S

    We experienced the same behaviour with the blocklist from AlienVault and EmergingThreats:
    https://reputation.alienvault.com/reputation.generic
    https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

    e.g. the AlienVault List contains the IP 97.83.55.0 and the IP 97.83.55.76 is blocked.
    Reputation is disabled. De-Duplication and CIDR Aggregation is enabled.

  • Pfblocker VIP redirection not working for some domains

    1
    0 Votes
    1 Posts
    177 Views
    No one has replied
  • pfBlockerNG setting IPv6 AS blocks as IPv4

    3
    0 Votes
    3 Posts
    455 Views
    Dyspareunia

    Thanks!

    Looks like the devel build does solve this issue.

  • pfBlockerNG firewall rules and exception

    5
    0 Votes
    5 Posts
    1k Views
    L

    Thanks, with disable the IPv4 table and remove the associated Auto FW rule understandably.

    For will prevent Selected IPs from being blocked associated Auto FW just enough these IPs add in pfBlockerNGSuppress alias at Suppression = Enabled and all?

  • pfsense keeps blocking Cloudflare server IP range

    Moved
    8
    0 Votes
    8 Posts
    4k Views
    S

    In PfblockerNG --> General there is the Option Rule order.
    I think you should define a custom IP list (under the IPv4 section) with action "pass" and then define the rule order so pass comes before block/reject.

  • Blocked Site Report

    4
    0 Votes
    4 Posts
    824 Views
    RonpfS

    @totalchaos1010 said in Blocked Site Report:

    @ronpfs Thanks for the response. Have the alerts tab, yes, however I am looking for "total count" reports, not log format.

    What total count? Total number of entries per URL? You should be able to find that in pfblockerng.log.

    You could also use pfblockerng-devel that has a Reports tab with more statistics about the package.

  • How to encode a gif file to replace the base_64 image.

    4
    0 Votes
    4 Posts
    348 Views
    RonpfS

    I downloaded the 1x1 GIF, uploaded the file in the "Encode files into Base64 format" section, selected UTF8, hit >Encode<, and got the same result as the one in the index file.

  • Frequent pfBlockerNG GeoIP Alerts?

    8
    0 Votes
    8 Posts
    1k Views
    BBcan177

    @fernis

    IP Tab
    Edit the Alias name
    Modify the "Action" setting.
    Click on the blue infoblock icons for additional details.

  • Pfsense / Pfblocker Directory

    2
    0 Votes
    2 Posts
    287 Views
    BBcan177

    @moon_d
    What do you mean by "directory"?

  • pfblocker not working for every site in a list

    3
    0 Votes
    3 Posts
    493 Views
    randombits

    One is https - with the cert error, but nslookup shows everything is working ok - thanks. I was thinking Chrome was looking at its list first before it gets to PFB. I don't have anything in the IPv4 list. How can you tell the difference between lists and feeds, come to that? - I guess one has site domains and the other IPs ...

  • How to block an ip range from any company.

    8
    0 Votes
    8 Posts
    1k Views
    C

    yeah, those are single addresses. You will need ranges, using CIDR notation, like 10.10.0.0/24, or simply a dash, like "1.1.1.1-2.2.2.2". Be careful with these, as it is easy to block too much if you don't know what you are doing, and really mess things up. As long as you don't block your access to the firewall, you can do a little trial and error if needed, though.

    Facebook has so many IPs though, it's not even funny. They also use datacenters which other companies use, so in an attempt to block Facebook, you may be killing off hundreds of other websites and services running from the same datacenter, or another similar connection. Entire governments are struggling to block services like Facebook, so it's probably not going to be all that easy. This is still something good to learn, but would you be better off just using something like pfBlockerNG's DNSBL? With that, you can just specify that "Facebook.com" should be redirected to a dummy internal server, thus preventing access. For this to work, you do need to have your own DNS server, but pfSense makes that easy.

  • Working Blocking with fast CLOUDFLARE DNS - incl Torguard VPN

    3
    0 Votes
    3 Posts
    849 Views
    ressurex

    I already did this. Torguard has 4 DNS servers, and the fastest two I used are in France.
    Since I'm from Scandinavia, using Cloudflare DNS servers from the same city I live in makes the response timings go from above 40 ms to under 20 ms, average 14 ms.

    This makes my browsing much less impatient.

  • Facebook blocked but don't receive the icon or message?

    1
    0 Votes
    1 Posts
    195 Views
    No one has replied
  • DNSBL not activating

    13
    0 Votes
    13 Posts
    3k Views
    RonpfS

    If you inspect the pfblockerng.log, it has been saying that for every Cron update or Force Reload DNSBL since you enabled TLD.

    To track memory usage, use Status Monitoring, System Memory.

  • pfBlockerNG-devel 2.2.5_21 / Ad Blocking advice

    3
    0 Votes
    3 Posts
    962 Views
    C

    I've been using some Pi_Hole blacklists too, which you could try:
    http://sysctl.org/cameleon/hosts (Cameleon ads)
    https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist (Zeustracker Ads)
    https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt (Disconnect Me Trackers)
    https://hosts-file.net/ad_servers.txt (Hosts File Ads)
    https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (Steven Blacklist)

    You could also try adding the (slightly outdated?) BlueTack ad server IP list to your firewall. Just make an alias, clean up the list, and import it.
    https://www.iblocklist.com/list?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=7z
    Note that it is a pretty big list, so once you import it, expect it to take a little while if you ever want to go back in and view/edit it. For me, it takes almost 5 minutes to load that alias edit page.

    I hope this helps!

  • pfBlockerNG v2.1.4_16 pfB_Top_v4 block count = 0?

    2
    0 Votes
    2 Posts
    296 Views
    P

    OK Fixed the error on block count =0

    It turns out table usage counts were greater than Table Entries Hard Limit. Hard limit was defaulted to 400000, and lists were slightly greater than that. Increased to 600000, and seems we are ok now.

  • (Solved)Difference between blocked answer?

    2
    0 Votes
    2 Posts
    222 Views
    RonpfS

    The DNSBL HTTP server returns a different response to the browser depending on what is in the URL: a 1x1 GIF for a picture, JavaScript, or the Blocked page when there is only the domain name in the URL: http://example.com/

  • (solved)dnsbl feeds position matters?

    5
    0 Votes
    5 Posts
    632 Views
    periko

    @ronpfs, thanks for pointing this detail.

  • Whitelist domain not working

    3
    0 Votes
    3 Posts
    591 Views
    periko

    I had checked this, I understand part of how it works.
    Thanks RonpfS.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.