@bbcan177 said in No Internet connection on LAN interfaces after reboot:

pfSense Resolver Log Level

Wheres that under mate ?

Definitely inspect the content--you will probably find a URL which is not blocked being used there.

Sometimes you may be getting ads from a subdomain, so you may need to check the "Enable TLD" to attempt to deal with these subdomains.
Also, so sites host ads locally, but that is less common. A content inspection should tell you.

We experienced the same behaviour with the blocklist from AlientVault and EmergingThreats:
https://reputation.alienvault.com/reputation.generic
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

e.g. the AlientVault List contains the IP 97.83.55.0 and the IP 97.83.55.76 is blocked.
Reputation is disabled. De-Duplication and CIDR Aggregation is enabled.

Thanks!

Looks like the devel build does solve this issue.

Thanks, with disable the IPv4 table and remove the associated Auto FW rule understandably.

For will prevent Selected IPs from being blocked associated Auto FW just enough these IPs add in pfBlockerNGSuppress alias at Suppression = Enabled and all?

In PfblockerNG --> General there is the Option Rule order.
I think you should define a custom ip list (under ipv4 section) with action "pass" and than define the rule order so pass come before block/reject.

@totalchaos1010 said in Blocked Site Report:

@ronpfs Thanks for the response. Have the alerts tab, yes, however I am looking for "total count" reports, not log format.

What total count ? Total number of entries per URL ? You should be able to find that in pfblockerng.log.

You could also use pfblockerng-devel that has a Reports tab with more statistics about the package.

I downloaded the 1x1 Gif, uploaded the file in the Encode files into Base64 format section, select UTF8, hit >Encode<, I got the same result as the one in the index file.

@fernis

IP Tab
Edit the Alias name
Modify the "Action" setting.
Click on the blue infoblock icons for additional details.

@moon_d
What do you mean by "directory"?

One is https - with the cert error, but nslookup shows everything is working ok - thanks. I was thinking Chrome was looking at it's list first before it gets to PFB. I don't have anything in the IPv4 list. How your can tell the difference between lists and feeds come to that ? - I guess one has site domains and the other IP's ...

yeah, those are single addresses. You will need ranges, using CIDR notation, like 10.10.0.0/24, or simply a dash, like "1.1.1.1-2.2.2.2". Be careful with these, as it is easy to block too much if you don't know what you are doing, and really mess things up. As long as you don't block your access to the firewall, you can do a little trial and error if needed, though.

Facebook has so many IPs though, it's not even funny. They also use datacenters which other companies use, so in an attempt to block Facebook, you may be killing off hundreds of other websites and services running from the same datacenter, or another similar connection. Entire governments are struggling to block services like Facebook, so it's probably not going to be all that easy. This is still something good to learn, but would you be better off just using something like pfBlockerNG's DNSBL? With that, you can just specify that "Facebook.com" should be redirected to a dummy internal server, thus preventing access. For this to work, you do need to have your own DNS server, but pfSense makes that easy.

i already done this.. Torguard has 4 DNS servers, and the fastest two i used is in france.
since im from scandinavia, using cloudflare DNS servers from the same city i live in makes the response timings go from above 40ms to under 20 ms.. avarage 14 ms..

this makes my browsing much less inpatient

If you inspect the pfblockerng.log it has been saying that for every Cron update or Force Reload DNSBL since you enable TLD.

To track memory usage, use Status Monitoring , System Memory

I've been using some Pi_Hole blacklists too, which you could try:
http://sysctl.org/cameleon/hosts (Cameleon ads)
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist (Zeustracker Ads)
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt (Disconnect Me Trackers)
https://hosts-file.net/ad_servers.txt (Hosts File Ads)
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (Steven Blacklist)

You could also try adding the (slightly outdated?) BlueTack ad server IP list to your firewall. Just make an alias, clean up the list, and import it.
https://www.iblocklist.com/list?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=7z
Note that it is a pretty big list, so one you import it, expect it to take a little while if you ever want to go back in and view/edit it. For me, it takes almost 5 minutes to load that alias edit page.

I hope this helps!

OK Fixed the error on block count =0

It turns out table usage counts were greater than Table Entries Hard Limit. Hard limit was defaulted to 400000, and lists were slightly greater than that. Increased to 600000, and seems we are ok now.

DNSBL http server return different response to the browser depending on what is in the URL : 1x1gif for picture, Javascript or the Blocked page when there is only the domain name in the URL : http://example.com/

@ronpfs, thanks for pointing this detail.